Play a critical role in facilitating the collation and reporting of security obligations
About the Department
The department provides a wide range of learning and development support and services.
The department provides policy leadership, plans for the future of education in Victoria and leads key cross-sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.
About the Division
Information Management and Technology Division (IMTD)
IMTD is responsible for supporting one of the largest technology networks in Victoria and leading the department's technology, digital capability, business systems and digital transformation. This network consists of Schools, Corporate and Early Childhood Education (ECE) including a school user base of more than 1500 Government schools, 50,000 teachers and 650,000 students. IMTD provides innovation and leadership in the transformation and management of the Department's digital capability through the implementation of solutions on the department's cloud environment (IaaS), enterprise cloud platforms (PaaS) and software (SaaS), using agile practices with a focus on user experience, security, and integration.
Information Security Services Branch
The Information Security Branch is committed to enhancing the department's security posture to corporate staff, and school teachers, principals and school administrators by efficiently and effectively implementing and maintaining security controls across infrastructure, applications, services and information.
A 3yr security strategy has been developed which augments the Digital strategy developed for the department. A number of security initiatives have been defined by the strategy that will uplift the security posture across the department.
About the Role
The Security Regulatory Analyst plays a critical role in facilitating the collation and reporting of security obligations from across the department and schools.
With a focus on the Victorian Protective Data Security Standards (VPDSS), the incumbent will lead the annual attestation activities involving over 1600 schools and multiple corporate stakeholders. The role requires knowledge of security controls, to support stakeholders embed VPDSS obligations into business planning and BAU processes, contributing to a strengthened security posture at the department.
Experience and skills in the application of security controls, stakeholder management, and coordination are a crucial part of this role.
Attributes
Regulatory Compliance
* Lead and coordinate annual compliance activities e.g. Victorian Protective Data Security Standards (VPDSS) and the Victorian Cyber Maturity Benchmark.
* Ensure corporate reporting (controls and treatments) are accurate, timely and supported with sufficient evidence.
* Track compliance maturity and provide targeted recommendations for improvement.
* Support internal and external audits and respond to queries from OVIC, VMIA, DGS or any Government Compliance entity.
Stakeholder Engagement & Communications
* Engage and support a diverse range of corporate stakeholders and school leadership to meet their regulatory reporting obligations.
* Work with stakeholders to embed VPDSS obligations into business planning and BAU processes.
* Provide training and awareness to stakeholders on compliance responsibilities and reporting obligations.
* Develop and maintain a suite of corporate and school compliance communications, guidance documentation, webinars and intranet content.
* Prepare reports and briefings for ISB leaders hip, CIO, Executive Committees, Boards and the Secretary.
Continuous Improvement and best practice
* Utilise strong analytical and technical skills to support a school attestation solution delivering a questionnaire and report to over 400 schools.
* Utilise strong technical skills in Excel, SQL and Power Automate and demonstrate proficiency in translating data into visual representation for inclusion in executive briefings.
* Identify stream trends and key areas for improvement to drive informed decision making.
* Recommend and implement enhancements to compliance processes and reporting.
* Contribute to automation initiatives to streamline compliance evidence collection and reporting.
* Support the broader Security Risk & Compliance team in risk health reporting and capability uplift.
Desirable Qualifications and Experience
Mandatory
* Bachelor's degree or Diploma in Cyber Security or related field.
* Strong knowledge of the VPDSS, PSPF, Essential Eight Maturity Model, ISO 27001, or equivalent security frameworks.
* Experience in compliance monitoring, attestation or audit coordination.
* Strong analytical and conceptual skills with experience in compliance reporting.
* Excellent stakeholder engagement and facilitation skills to engage diverse stakeholders and lead workshops.
Desirable
* Certifications in risk management, information security, or technology governance such as CISSP, CISM, CRISC.
* Formal training or certification in risk frameworks such as ISO 31000, COBIT, NIST, or SOC2
How to Apply
Applicants are required to submit a CV and a cover letter summarising their skills and experience (no more than two pages).
Further Information
For more details regarding this position please refer to the Role Statement for the capabilities to address in the application.
The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions visit the Department website and our Diversity and Inclusion page.
Applicants requiring adjustments can contact the nominated contact person.
Information about the Department of Education's operations and employment conditions can be .
For further information pertaining to the role, please contact Allison Thaddeus – Security Manager via ***************@.
Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.
Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g large print) due to any viewing difficulties or other accessibility requirements.
Applications close 11:59pm on Tuesday 3 March 2026.