Southern Ports manages the three gateway ports of Albany, Bunbury and Esperance, and facilitates trade through the commercial management of efficient, safe, sustainable, and customer-focused ports. Our three regional ports play a vital role in connecting Western Australia with world markets. It is our belief that strong regional ports lead to strong regions, and that results in economic and social benefits for the communities across the regions we serve. Our people are our greatest asset, and we are committed to supporting our teams and building a diverse and capable workforce that is geared to meet the current and future needs of our customers and the sustainability of our ports.
Our Vision: Strong Regional Ports, Strong Regions.
The Role
Reporting to the Chief Information Officer, the Cyber Security and Governance Manager accountability and functions include supporting Southern Ports’ governance, security and risk management of the organisation’s technology ecosystem, encompassing internal systems as well as third party relationships.
The Cyber Security and Governance Manager is responsible for developing and implementing comprehensive governance frameworks, cybersecurity strategies, and third-party risk management protocols to safeguard Southern Ports’ technology assets, data, and operations while ensuring compliance with regulatory requirements and industry standards.
The role will lead Southern Ports Cyber Uplift Program aimed at enhancing the organisation's cybersecurity posture and resilience.
Key Responsibilities
- Develop and implement technology governance frameworks, policies, and procedures.
- Conduct risk assessments to identify cybersecurity threats and vulnerabilities.
- Develop cybersecurity strategies aligned with organisational objectives.
- Assess third-party vendors, suppliers and partners for cybersecurity risks and compliance.
- Establish risk mitigation strategies and controls for third-party relationships.
- Oversee the design, implementation, and maintenance of Southern Ports (IT/OT) cybersecurity architecture.
- Develop materials and content to support training and education, cyber-attack simulations, cybersecurity awareness and improve cybersecurity capabilities.
- Monitor changes in regulations and industry standards related to technology governance and cybersecurity.
- Develop and implement incident response plans to effectively detect, respond to and recover from cybersecurity incidents such as data breaches, malware infections and cyber-attacks.
- Communicate cybersecurity risks and recommendations to senior management and board members.
- Foster partnerships with external stakeholders, including industry peers and regulatory bodies.
- Degree qualified in Computer Science, Information Technology, Cybersecurity, or related field
- Relevant certifications may include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Third Party Risk Professional (CTPRP)
- Proven track record of leadership in technology governance, cybersecurity, and third-party risk management roles, with a focus on program management and strategic planning.
- Experience in developing and implementing technology governance frameworks, policies, and procedures to ensure effective management and alignment of technology resources with organisational objectives.
- Extensive experience in formulating and executing cybersecurity strategies to protect technology assets against cyber threats and vulnerabilities, including incident response, threat detection, and vulnerability management.
- Demonstrated expertise in establishing and overseeing third-party risk management programs to assess, monitor, and mitigate risks associated with vendor relationships, outsourcing agreements, and supply chain dependencies.
- Strong understanding of technology infrastructure, systems, architectures, and cloud computing platforms, including knowledge of emerging technologies and trends.
- Familiarity with relevant regulations and compliance frameworks, such as ASD Essential 8, ISO 27001, NIST Cybersecurity Framework, and other industry-specific standards.
- Ability to travel to other Southern Ports locations (Albany, Bunbury, Esperance and Perth)
- Current WA C Class Driver’s Licence.
https://www.dropbox.com/scl/fi/htfedx425ho557f3fcv89/PD-Cyber-Security-Governance-Manager-Updated.pdf?rlkey=4myp76blxr0ljh8o7ugqagqoy&st=6ljeynt0&dl=0
Requirements
To be eligible for this permanent role, applicants must be able to provide proof of Australian citizenship or permanent residency.
The successful applicant must have a current WA driver’s licence, be able to obtain and maintain a Maritime Security Access Card and undergo a pre-employment medical assessment including drug and alcohol testing.
Southern Ports is proud to be an Equal Employment Opportunity employer and does not discriminate against race, gender, age, religion, sexual preference, or disability. We encourage applications from all culturally diverse backgrounds, Indigenous Australians, and Non-Indigenous Australians. Southern Ports is committed to creating and maintaining an inclusive and impartial workplace with equal opportunities for all employees.
Applications close 24 May 2024. We reserve the right to commence the recruitment process during the application period. Please contact Marianna at ***********@southernports.com.au for further information.