Job Summary

We are seeking an experienced professional to lead our security risk management efforts. This role will oversee the development and implementation of strategies to mitigate risks and ensure compliance with regulatory requirements.

Key Responsibilities

* Oversight of integrated security risk management frameworks to ensure alignment with organisational priorities, regulatory requirements, and industry standards
* Development of robust policies, controls, and risk practices to address evolving regulatory, compliance, and threat landscapes
* Leadership of cross-functional initiatives to drive secure-by-design principles, policy optimisation, and effective control implementation
* Fostering a risk-aware culture through systematic risk assessment, scenario planning, and clear reporting into critical decision-making processes
* Strong stakeholder engagement to support well-informed and transparent governance outcomes

Requirements

* Demonstrated experience in shaping and maintaining integrated security risk management frameworks, ensuring alignment with organisational priorities, regulatory requirements, and industry standards
* Expert knowledge of relevant regulatory and compliance frameworks, including NIST, ISO27001:2022, DISP, ISM, PCI-DSS and PSPF; ability to adapt strategies in response to evolving legislative and industry landscapes
* Proven ability to lead large-scale initiatives that drive secure-by-design principles, policy optimisation, and effective control implementation
* A track record of fostering a risk-aware culture, embedding systematic risk assessment, scenario planning, and clear reporting into critical decision-making processes
* Evidence of strong stakeholder engagement, influencing senior executives, legal, compliance, audit, and finance teams to support well-informed and transparent governance outcomes
* Advanced analytical and problem-solving capabilities, interpreting complex data, metrics, and reports to inform strategic actions; ability to drive management, board and operational reporting
* Strong communication, negotiation, and influencing skills to build trust and collaboration across diverse teams and functional areas

Desirable Skills & Competencies

* Familiarity with enterprise risk management tools, GRC platforms, and emerging security technologies
* Security risk quantification methodologies such as FAIR
* Experience engaging directly with regulators, industry bodies, and auditors, shaping external perceptions and reinforcing organisational credibility
* Knowledge of supply chain security frameworks and global best practice to further integrate governance measures throughout the extended enterprise environment

Qualifications & Education

* Bachelor's degree in cyber security, information assurance, risk management, law, business administration or a related field
* Relevant professional certifications (e.g., CISA, CRISC, CISSP, CISM, CGEIT)

What We Offer

A competitive salary package, excellent benefits, and opportunities for career growth and professional development.