AddressChallenger Limited is an ASX-listed investment management firm managing $105 billion in assets (as at 30 June 2023). Life with us is fast moving and always exciting. Together we're driving to deliver our vision to provide our customers with financial security for a better retirement.
We achieve this goal by providing a work environment where people from diverse backgrounds, with a range of skills and experiences can contribute and succeed.
Stakeholder Management - Liaise with technology partners (Accenture) and the business and provide guidance on policy adherence, hardening standards, framework alignment (NIST CSF, ISO27001 and CPS234) and act as an advisor on architecture decisions, designs, business plans and project work/uplift initiatives.
Cybersecurity Tool Health, Policy and Configurations Oversight - ensure all of the technology solutions and cybersecurity tools protecting Challenger are operating effectively, configured correctly by Accenture or partners and the controls are on all information assets.
Change advisory - provide advice to projects and business to ensure Cyber Security controls are implemented effectively and appropriately. Example includes supporting the onboarding of ALIP and integration technologies to ensure the correct security standards are applied. Ensure Cyber Security policy is updated and enforced across the organization.
Cyber Incident Management
- develop and implement communication strategies aligned with operational threat intelligence.
- identify and report breaches or potential intrusion incidents promptly, enabling informed decision-making.
Cyber Intelligence - collate and respond to intelligence
- Prepare and deliver briefs and cyber threat intelligence reports for management and material service providers
- Identify and undertake complex research and analysis of relevant cyber threat actors
- Provide situational awareness on current and emerging threats
- Analyse identified cyber threat event data and fuse with all-source intelligence
- Understand and use analytical tools and techniques
Incident Management:
- Provide support, guidance and reporting during major incidents and events acting as a key liaison point between Accenture, the Crisis Management Team and Challenger stakeholders.
Education and Culture Improvement:
- Ensure staff, contractors and third parties are fully aware of the Information Security Management System (ISMS) and good practice on how to identify suspicious activity, phishing, business email compromise, misconfiguration of network or IT equipment and insider threats.
Risk Management:
- Ensure incidents and risks are addressed in a timely manner in line with the operational risk framework and BRiskWise timeframes.
Key Capabilities including Knowledge & Skills:
- Stakeholder management - Building and maintaining productive relationships with stakeholders
- Continuous learning mindset: Staying informed about emerging issues, risks, and opportunities in Cyber Security; keeping up with industry trends, technologies, and regulatory changes
- Project Management: Coordinate and manage Cyber Security initiatives. This involves preparing discussion papers, briefs, and submissions, adhering to project management methodologies, and ensuring timely delivery of projects
- Risk assessment: Understanding and being able to evaluate cyber risks
- Reporting - good written and verbal communication
Experience / Certifications required
- At least 5 years working in the Information Security industry
- Management stakeholders from across a business and supply chain
- Experience in identifying, assessing, evaluating and managing Information Technology and Information Security (IS) risk
- Working knowledge of IS control standards and frameworks, including ISO27001, NIST CSF, and audit report types such as SOC 1, SOC 2, ASAE3402, etc.
- Experience dealing with senior leaders and business heads to help influence behavior and risk mitigation outcomes
- CISM Certification (Nice to have not mandatory)
- CISSP (Nice to have not mandatory)
#LI-SA1
#LI-Challenger
We value inclusion and diversity of thought, promote flexible working practices so our people can integrate their work and personal lives, and are proud to be a Workplace Gender Equality Agency (WGEA) Employer of Choice for Gender Equality.
We believe in bringing your authentic self and a belonging in our culture. We are prideful in participating in the Australian Workplace Equality Index (AWEI) as a national benchmark on LGBTQ+ workplace inclusion and best practice in Australia. We offer the opportunity for a broad career experience and value people who are inquisitive and rigorous and are driven to make a difference.
Job type:
Permanent
Posting Close Date :
24/05/2024
