IT Security, Risk and Compliance Manager

Location Southbank
Discipline Cyber Security, Governance, Risk & Compliance
Job reference 164152
Salary Up to AU$145000.00 per annum

This State Government Agency is looking for an experienced IT Security, Risk and Compliance Manager to join their team. The role will focus on governance and on roadmap execution and implementation.

Position Purpose

The Security Manager is responsible for the definition, implementation, operation and governance of the organisation's security, risk and compliance capabilities across IT. The Security Manager will lead the establishment of the appropriate security controls, standards, security architecture and risk processes and provide leadership for Cyber Security, Risk and Compliance whilst working collaboratively with business and IT stakeholders. The Security Manager will:

  • Ensure a strategic and integrated approach to cyber security, policies and processes with a focus on information management and effective risk-based decision making across the organisation
  • Manage the IT security controls, standards and processes, including:
    • Oversee security architecture covering identity and access management
    • Interrogate the effectiveness of the implementation of security controls in support of compliance, information and risk management
    • Determine security requirements by evaluating business strategies, IT investments and project requirements and define security requirements to protect assets and service levels
    • Conduct system security and vulnerability analyses and risk assessments
  • Set, manage and maintain the IT security policies and strategies by:
    • Developing and maintaining the information Security Policy and supporting processes
    • Defining and ensuring adherence to security policies and standards and ensure that confidentiality, integrity and availability of the services are maintained
    • Constantly updating the security strategy and policies to leverage new technology, threat information or compliance changes
  • Responsible for the day-to-day management of risk and compliance in the delivery of IT services
    • Owns and manages the IT risk management framework and works with key business and IT stakeholders to communicate and manage IT risks.
    • Identify and tackle compliance requirements and build awareness of compliance requirements within the organisation.
  • Serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of employee and business information in compliance with the Victorian Protective Data Security Framework (VPDSF)
  • Lead the relationships with internal and external auditors and oversee proactive management and closure of audit and regulator findings
  • Contribute to operational and strategic governance forums providing thought leadership for the respective security, risk and compliance domains.
  • Conduct investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities. Lead the incident response for cyber related breaches leveraging partnerships with other government agencies.

Key Accountabilities

Security Management

  • Proactively leading IT security including the development of IT security policies, procedures, processes and suitable technologies. Defines and implements a risk-based approach to the management of IT security ensuring a balance of business outcomes and risk management.
  • Responsible for the day-to-day management of IT security, ensuring protection of IT assets and information as well as the prevention and management of breaches.
  • Determines enterprise-wide security requirements against business needs, including new IT investments, and defines the appropriate level of security requirements to protect assets and service levels.
  • Provides expert advice to internal and external stakeholders on all related IT security matters and conducts system security and vulnerability analyses and risk assessments. Conduct investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
  • Builds awareness and establishes effective communications and/or training for the proactive management of IT security.

Audit, Risk and Compliance

  • Reports IT risks and associated information at both an operational and strategic level. Drives the generation of risk mitigation strategy and establishes third-party risk management processes and governance.
  • Briefs the executive team on status and risks, communicates risks and best practices and provides training to all parts of the business.
  • Works collaboratively with senior business stakeholders within Legal, Risk and Compliance and provides leadership across all IT functions for IT Risk and compliance.
  • Manages audit requirements across IT, ensuring respective system owners are delivering against the audit findings. Leads the relationships with internal and external auditors to oversee proactive management and closure of audit and regulator findings.
  • Identifies and tackles compliance requirements and builds awareness of compliance requirements within the organisation. Implements a compliance monitoring programme and reports on and manages IT compliance breaches.

IT Governance

  • Ensures adherence to IT security policies and standards and makes sound Security and Risk decisions on new investments ensuring alignment to standards and policies.
  • Contributes to operational and strategic governance forums, providing thought leadership for the respective security, risk and compliance domains. Develops and maintains key governance artefacts in support of IT governance.
  • Ensures that disaster recovery and business continuity plans are in place and tested, and that any improvement opportunities are assessed for implementation.

Stakeholder and Relationship Management

  • Develop and maintain productive and collaborative relationships with key stakeholders in order to support achievement of the business and IT priorities.
  • Proactively serve as a trusted advisor and act as the primary point of contact for IT security, risk and compliance across the organisation.
  • Manage external relationships including partners and suppliers to ensure security services are delivering against the intended business and IT outcomes.
  • Establish strong relationships with other government agencies and strategic suppliers to leverage existing services.

Values, Safety and Wellbeing

  • Champion the Agency's preferred culture to meet corporate objectives and to promote teamwork, employee development and empowerment to foster a culture of high performance and a workforce which demonstrates behaviours consistent with corporate values.
  • Provide and maintain a working environment that, as far as reasonably practicable, is safe and without risks to the health, safety and wellbeing of all (employees, contractors, volunteers).

Finance and Governance

  • Drive a focus on financial and commercial rigour to IT across the board.
  • Ensure effective budget, spend and financial reporting which meets the organisation's overall legal and statutory requirements and control expenditure within budget limits whilst maximising the value of management resources.
  • Lead and support compliance through internal controls, including policies, procedures and delegations, to manage how decisions and actions are undertaken to achieve the Agency's objectives.

QUALIFICATIONS AND EXPERIENCE

  • 5+ years' experience within IT and Security with a minimum of two years in an IT security management role.
  • Exposure to a broad range of IT functions and disciplines, with a strong working knowledge of IT governance and/or information governance
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ASD, COBIT and NIST.
  • Knowledge of enterprise information and cyber security processes, concepts, and best practices, with an exposure to public cloud models is desirable.
  • Demonstrated capability in effective reporting to executive management and/or Board.
  • Regulatory compliance knowledge including PCI, VPDSF as well as knowledge and experience of network and infrastructure security and vulnerabilities.
  • Demonstrated technical expertise in ICT security and the application of ICT security measures.
  • Experience across other security areas including penetration testing, security architecture or design and security governance including hands-on experience implementing security solutions
  • Working knowledge of the Victorian Protective Data Security Framework (VPDSF), the Information Management Framework for the Victorian Public Sector and the Public Record Office Victoria Specifications and Standards is highly desirable.
  • IT Risk and/or compliance management experience is preferred
  • CISSP/CISM or equivalent certifications preferred

Juan Carlos Marino Londono
Recruitment Specialist


ManpowerGroup is committed to being a Diversity Confident Recruiter and encourages applications from people from a diverse range of backgrounds, including people with a disability. Please indicate your preferred method of communication in your resume and please let us know if you require any reasonable adjustments should you be contacted for an interview.

Aboriginal and Torres Strait Islander people are encouraged to apply.

By submitting your resume and other personal information with this application you are consenting to this information being collected in line with our privacy policy. Follow the link to learn more: www.manpowergroup.com.au/privacy-policy

State: QLD, licensee/s Manpower Services (Australia) Pty Ltd, LHL-02026-D5L4Q. State: QLD, licensee/s Experis Pty Ltd, LHL-02014-Y5F6D. State: SA, licensee/s Manpower Services (Australia) Pty Ltd, LHS 288856