IT Security, Risk and Compliance Manager

Location Southbank
Discipline Cyber Security, Governance, Risk & Compliance
Job reference 165014
Salary AU$120000 - AU$150000 per annum

This State Government Agency is looking for a Security Manager to be responsible for the definition, implementation, operation and governance of the organisation's security, risk and compliance capabilities across IT. The Security Manager will lead the establishment of the appropriate security controls, standards, security architecture and risk processes, and provide leadership for cyber security, risk and compliance whilst working collaboratively with business and IT stakeholders. The Security Manager will:

  • Ensure a strategic and integrated approach to cyber security, policies and processes with a focus on information management and effective risk-based decision making across the organisation
  • Manage the IT security controls, standards and processes, including:
    • Oversee security architecture covering identity and access management
    • Interrogate the effectiveness of the implementation of security controls in support of compliance, information and risk management
    • Determine security requirements by evaluating business strategies, IT investments and project requirements and define security requirements to protect assets and service levels
    • Conduct system security and vulnerability analyses and risk assessments
  • Set, manage and maintain the IT security policies and strategies by:
    • Developing and maintaining the Information Security Policy and supporting processes
    • Defining and ensuring adherence to security policies and standards, and ensuring that the confidentiality, integrity and availability of the services are maintained
    • Constantly update the security strategy and policies to leverage new technology and threat information or compliance changes
  • Responsible for the day-to-day management of risk and compliance in the delivery of IT services
    • Own and manage the IT risk management framework and work with key business and IT stakeholders to communicate and manage IT risk
    • Identify and tackle compliance requirements and build awareness of compliance requirements within the organisation
  • Serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of employee and business information in compliance with the Victorian Protective Data Security Framework (VPDSF)
  • Lead the relationships with internal and external auditors and oversee proactive management and closure of audit and regulator findings
  • Contribute to operational and strategic governance forums providing thought leadership for the respective security, risk and compliance domains
  • Conduct investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities. Lead the incident response for cyber-related breaches, leveraging partnerships with other government agencies

Qualifications and Experience

  • 5+ years' experience within IT and Security with a minimum of two years in an IT security management
  • Exposure to a broad range of IT functions and disciplines, with a strong working knowledge of IT governance and/or information governance
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ASD, COBIT and NIST.
  • Knowledge of enterprise information and cyber security processes, concepts, and best practices, with an exposure to public cloud models is
  • Demonstrated capability in effective reporting to executive management and/or
  • Regulatory compliance knowledge including PCI, VPDSF as well as knowledge and experience of network and infrastructure security and
  • Demonstrated technical expertise in ICT security and the application of ICT security
  • Experience across other security areas including penetration testing, security architecture or design and security governance including hands-on experience implementing security solutions
  • Working knowledge of the Victorian Protective Data Security Framework (VPDSF) and the Information Management Framework for the Victorian Public Sector and the Public Records Office Victoria Specifications and Standards is highly
  • IT Risk and/or compliance management experience is preferred
  • CISSP/CISM or equivalent certifications preferred

Juan Carlos Marino Londono
Recruitment Specialist


ManpowerGroup is committed to being a Diversity Confident Recruiter and encourages applications from people from a diverse range of backgrounds, including people with a disability. Please indicate your preferred method of communication in your resume and please let us know if you require any reasonable adjustments should you be contacted for an interview.

Aboriginal and Torres Strait Islander people are encouraged to apply.

By submitting your resume and other personal information with this application you are consenting to this information being collected in line with our privacy policy. Follow the link to learn more - www.manpowergroup.com.au/privacy-policy

State: QLD, licensee/s Manpower Services (Australia) Pty Ltd, LHL-02026-D5L4Q. State: QLD, licensee/s Experis Pty Ltd, LHL-02014-Y5F6D. State: SA, licensee/s Manpower Services (Australia) Pty Ltd, LHS 288856