Shape the cybersecurity strategy and resilience from the ground up. About Our Client This is a permanent position within a company in the financial services sector. The company is recognised for its focus on innovation in technology and its commitment to providing secure solutions to its clients. Job Description As the Information Security Officer, you will: Provide expert advice to ICT and business stakeholders to strengthen the organisation's security posture. Support the development and continuous improvement of the information security governance framework, including policies, standards, and procedures. Ensure security controls are implemented, monitored, and aligned with internal policies, regulatory obligations, and audit requirements. Conduct threat hunting, forensic investigations, and integrate findings into governance, risk, and compliance (GRC) reporting. Participate in enterprise risk assessments and perform control testing to evaluate and mitigate information security risks. Lead vulnerability assessments and penetration testing, and recommend remediation strategies aligned with the organisation's risk and security objectives. Conduct third-party risk assessments and support vendor security reviews during procurement and on boarding processes. Investigate and implement emerging technologies and practices to enhance security capabilities and resilience. Promote a culture of compliance and accountability through the delivery of security awareness and education programs. Manage and enhance the information security incident response process, including post-incident reviews and continuous improvement. Provide cybersecurity and GRC input in project planning, delivery, and business decision making forums. Conduct gap assessments against the WA Cyber Security Policy and ensure alignment with the Essential Eight Maturity Level 1. Establish and maintain governance frameworks, security guardrails, and operational risk registers. Maintain and uplift security policies, guidelines, and documentation to reflect evolving threats and compliance requirements. The Successful Applicant You'll bring a solid foundation in information security, along with a proactive mindset and a collaborative approach. Ideally, you will have: A tertiary qualification in a relevant discipline. Proven experience in information security and Governance, Risk & Compliance (GRC). Hands on expertise in incident response, infrastructure hardening, and day-to-day security operations. Familiarity with tools such as SIEM, DLP, EDR/XDR, CASB, and threat intelligence platforms. A strong understanding of key standards and frameworks, including ISO 27001, PCI-DSS, NIST, ASD Top 8, the Privacy Act, and APRA CPS 234. Knowledge of secure software development practices and common application vulnerabilities (e.g. OWASP Top 10). Solid technical knowledge of Windows and Linux environments, as well as networking protocols across the OSI model. Experience conducting security assessments, audits, and implementing security technologies. A good grasp of risk management principles and compliance frameworks. Strong analytical and problem-solving skills, with the ability to think critically and act decisively. Excellent communication skills and the ability to engage effectively with both technical and non-technical stakeholders. A flexible, team-oriented attitude with the ability to step into technical tasks when needed. Preferred certifications include: CISM, CISA, SABSA, CISSP, ISO 27001 Lead Auditor/Implementer, or PCI-QSA. What's on Offer Flexible working arrangements. The opportunity to be part of a mission-driven organisation making a meaningful impact across Western Australia. A dynamic and collaborative environment with room to grow and develop your career. A chance to shape and influence the future of the organisation's information security landscape. If you're ready to take the next step in your career as an Information Security Officer, we encourage you to apply today!