Job Description In this newly created Head of Cyber Security and Risk role, you’ll provide enterprise‑wide leadership to protect AFCA, the essential services we deliver, and the trust placed in us by the community. Reporting to the Chief Technology Officer, this senior leadership role is accountable for cyber security operations, cyber risk governance, and Technology, Data & AI risk management. You’ll be a proven leader in this space with significant experience, who can set the strategic direction, embed security‑by‑design across the organisation, and act as a trusted advisor to the Executive and Board. What you’ll be responsible for: Owning enterprise cyber security outcomes, ensuring threat detection, incident response and recovery are aligned to AFCA’s risk appetite Providing executive oversight of cyber incidents and breaches, including escalation, Board reporting and regulatory notifications Setting direction and success measures for cyber security operations, with assurance over performance and continuous improvement Holding enterprise accountability for managed security services (e.g. SOC outcomes and service effectiveness) Owning AFCA’s cyber security strategy, policies and standards, aligned to regulatory and compliance requirements Acting as AFCA’s enterprise cyber risk owner, including risk identification, prioritisation, treatment oversight and residual risk reporting Providing authoritative cyber risk advice to the CTO, Executive Leadership Team and Board, including investment and risk acceptance recommendations Embedding security‑by‑design across architecture, engineering, platforms, digital services and third‑party integrations Providing assurance over major initiatives and suppliers, including sign‑off on cyber risk posture and control adequacy Holding enterprise accountability for third‑party and vendor cyber risk, partnering with Risk, Legal and Procurement Leading cyber capability, culture and maturity across the organisation, ensuring the right balance of internal expertise, managed services and specialist support Driving organisation‑wide cyber awareness and accountability, without owning day‑to‑day training delivery