Our Victorian-based organisation has a requirement for an Information Security Manager, reporting directly to the CISO. As a pivotal member of the Information Security team, you will collaborate across all organisational levels to design and execute robust security frameworks and technologies that safeguard valuable information systems and assets. This is an exciting time to join the team, as it is the beginning of a 2 to 3 year program of work across a security uplift. The role requires 3 days per week in the office.

Responsibilities:
- Spearhead the implementation and enhancement of Information Security controls, IT security systems, and practices group-wide.
- Conduct continuous Information Security risk management, including risk identification, analysis, and mitigation in collaboration with key stakeholders.
- Conduct periodic assessments to gauge the maturity of cybersecurity controls.
- Oversee the management of the third-party IT risk portfolio.
- Measure and report the efficacy of controls within our Information Security environment.
- Develop and maintain a prioritized security program to address risks, vulnerabilities, and threats.
- Identify and escalate gaps in network systems and data integrity, application security, information privacy, and regulatory compliance.
- Implement educational and technological solutions to enhance security awareness.
- Establish and manage processes for regular reporting of KPIs to the CISO and senior management.
- Manage and respond to audit action items regularly.
- Coordinate responses and remediation actions for external security engagement activities, including IT Security and IT General Controls audits, cyber insurance underwriting requirements, and similar.
- Oversee security architecture, incident response readiness, data classification, incident recovery readiness, continual improvement, business liaison, and cloud security posture management.
Requirements:
- Certifications in CISSP, CISM, CISA, ISO 27001, PCI, or similar.
- At least 5 years in a similar role (Information Security Manager / GRC Manager) within medium to large enterprises.
- In-depth knowledge of security controls frameworks and experience in developing and maintaining prioritized security programs aligned with the organization's risk appetite and threat landscape.
- Technical background sufficient to understand security by design and security architecture.
- Experience in managing outsourced services with third-party providers.
- Experience in responding to cyber security incidents (desirable).
- Strong commercial acumen with the ability to assess risk and develop appropriate remediation strategies.
- Demonstrated proficiency in project management and change management.
- Ability to provide guidance and drive change across a complex national organisation.
- Tertiary qualifications in ICT, management, or related discipline.