Our client a Wealth Management company is seeking someone to work as part of the Risk, Legal & Compliance team with overall responsibility for information security and IT risk functions. Working alongside the Head of Technology, senior business, risk executives and project management team within the reporting structure of the Chief Risk Officer.
You will be supported by a Senior Security Analyst and contract resource as required for Strategic Initiative support.
In this role you will be responsible for maintaining a robust and adaptive 2nd Line Information security function — and duties that include:
* Implement Group information security assurance program with additional supplementary assurance as agreed with the CRO (including targeted reviews, supplier assurance, red teaming, penetration testing, disaster recovery testing, etc.) to identify and prioritise key gaps for remediation.
* Provide high-quality risk reports to executive committees and board of directors (locally and at Group level), educating senior executives and the board on material information security and technology risks, regulatory compliance, and risk mitigation initiatives.
* Oversee Technology risk, including the design and operating effectiveness of the Australian technology controls, including support of the GS007 audit process and report this to the CRO on a regular basis
* Support third party (vendor) due diligence by assessing information security risk exposures and controls and providing recommendations for control and third party oversight governance improvements. Actively participate in monthly and quarterly vendor executive governance meetings as required — ensuring key suppliers meet contractually agreed KPIs and evolve controls to mitigate emerging risks.
* Track audit findings and recommendations to ensure issues are promptly addressed. Proactively engage internal and external auditors to identify synergies and avoid redundant reviews.
Stakeholder Management
* Develop and nurture relationships with key internal stakeholders, specifically executives, technology, risk management, legal, audit and HR management teams to create a shared sense of purpose and positive working culture.
* Liaise with external stakeholders, such as law enforcement, external auditors, advisory bodies, institutional clients, and business partners, as necessary, to ensure that the business maintains a resilient posture and promptly adjusts controls in line with emerging threats.
Security Operations
* Oversee outsourced providers and internal teams to ensure the business maintains a highly tuned and effective 24/7 security operations centre that prioritises threats on the business's most valuable digital assets.
* Ensure the technology team and outsourced vendors maintain effective cyber security operational hygiene, including access management, backups, vulnerability management, patching and systems hardening.
* At least 6 years of information security work experience, with at least 2 years as a people leader overseeing cyber security teams or key projects and influencing decision makers.
* Strong leadership skills and the ability to work effectively and influence stakeholders.
* Strong communications skills, with the ability to communicate with staff at various levels, both technical and clear business terms, regarding complex information security and technology risk issues.
Qualifications
* Bachelor or Masters degree in, Information Security, computer science or a related field (or equivalent experience).
* Industry certifications such as CISSP, CISM, CISA, or other relevant certifications.
If you're ready to take the next step in your career, we encourage you to apply now.