Senior Information Security Risk Officer

Or client is a fast growing Retail organisation on the lookout for an experienced Senior Information Security Risk Officer to join their team.

• Permanent Role - Sydney Based
• Great Opportunity Take Fuller Ownership OF In House Information Security
• Experience with NIST, ISO27001, or ISM

This role is for someone who possesses experience working across cyber and information security risk, governance, and compliance across our technology landscape. You will bring extensive experience in driving improvement to the security posture, driving ongoing change, and offer ongoing support and consultative advice to various stakeholders and executive management.

Your Responsibilities:

• Monitoring and assessing emerging threats and vulnerabilities to the environment and ensuring those requiring action are addressed.
• Providing advice and education and maintaining the deployed security tools.
• Working with the wider Technology team in proposing Security Solutions for Network, Infrastructure, Integrations, SaaS and Endpoints.
• Security Incident Response and Management working with third party vendors and internal stakeholders.
• Assist with the development of relevant IT and Information Security Policies, Procedures and Training Material
• Provide technical administration support for security suite of software and hardware.
• Evaluate security policy, processes and procedures for completeness
• Ensure that controls are adequate to protect sensitive information systems
• Work with external partners and contractors to drive outcomes and manage end to end Security Infrastructure and policies.
• Improving BAU security posture
• Securing our cloud systems
• Securing integration layer
• Securing new and existing systems
• Securing our integration platform
• Cyber awareness programs
• Supporting Audit and Security Governance reviews

About You:

• Experience 3-5 years
• Extensive experience working within a cyber security role
• Experience with NIST, ISO27001, or ISM and strong stakeholder management skills or Certified in Risk and Information Systems Control (CRISC) or other risk management certification
• Good Understanding of infrastructure level technologies
• Good knowledge of security policy framework, risk management methodology, process, IT risk management
• Systems, tools, and conducting security risk assessments
• Experience in performing high level analysis, review and support the planning and management of security projects