Our client is an automotive technology company seeking a pragmatic, technically credible security leader to own information security governance and risk management. You will build out their controls program, drive their ISO/IEC 27001 certification, and embed a security-first culture across engineering, product and operations.
Working directly with engineering teams on GCP and AWS, you'll integrate with developer tooling and use AI‐augmented approaches to scale security across a lean team. You'll also be visible to the Board and executive leadership, translating technical risk into business language.
Reporting to the Chief Technology Officer, you'll serve as the primary point of accountability for our client's Data Information Governance Committee (DIGC) and coordinate with external auditors, penetration testers and compliance assessors.
Key Responsibilities
* Own the information security function and ISMS, including policies, standards and procedures
* Run the enterprise cyber risk program — identify, assess, treat and report on risks via the compliance automation platform
* Chair the DIGC and prepare risk reports for Board and executive stakeholders
* Lead ISO/IEC 27001 certification and maintain the SOC 2 Type 2 program, including continuous monitoring, control testing and audit coordination
* Manage compliance obligations across the Australian Privacy Act, GDPR and EU AI Act as applicable
* Maintain the compliance automation platform, covering policy workflows, vendor risk and control monitoring
AI Security & Governance
* Develop and implement an AI Security Strategy and Acceptable Use Policy covering approved tools, shadow AI controls, data sovereignty and incident reporting
* Provide security review for new AI integrations, agentic workflows and LLM‐powered product features
* Use AI tooling proactively to enhance security posture — vulnerability identification, automated control monitoring, threat intelligence and documentation
Technical Security Operations
* Drive centralised logging and security monitoring, including SIEM evaluation and deployment
* Oversee vulnerability management across GCP, AWS, GitHub and third‐party SaaS, prioritising findings from SAST/SCA tooling, dependency scanning and penetration testing
* Coordinate penetration testing engagements and track remediation to closure
* Own the Incident Response, Business Continuity and Disaster Recovery plans
* Manage DLP, access control reviews, user access management and break‐glass provisioning across Google Workspace, GCP, GitHub and key SaaS platforms
Third‐Party Risk & Security Culture
* Own the third‐party risk management program, including vendor questionnaires, ongoing assessments and contract security requirements
* Maintain the vendor register
* Oversee the security awareness program, including phishing simulation tooling and onboarding requirements
* Build security literacy across non‐technical functions and serve as the internal subject matter expert
What Our Client Offers
* A genuinely impactful role that you will shape from the ground up
* Direct access to the CTO and executive leadership, with Board‐level visibility
* A technically sophisticated team that takes security seriously, with AI‐native tooling already embedded in the development workflow
* Flexible working with offices in Melbourne, Sydney and Brisbane