Senior Cyber Governance, Risk & Assurance Lead
Canberra | EL2 equivalent | Long-term Contract | National Health Mission
A major Australian Government organisation is strengthening its cyber resilience and is seeking a senior cyber governance and risk leader to help uplift security across systems that support national health operations. This is a high-influence role working closely with the CISO to shape strategy, guide uplift programs, and ensure the organisation meets its obligations under the PSPF, ISM, ACSC Essential Eight, and broader government security frameworks.
If you thrive in complex environments where your advice directly influences executive decision-making and national-level operational continuity, this is a role where your expertise genuinely matters.
The Opportunity
You'll operate as a trusted advisor to the CISO, leading governance, risk, assurance, and compliance activities across the organisation. Your work will directly support the protection of critical data, services, and public-facing capabilities during periods of heightened national health demand.
This role suits someone who brings deep expertise, strong judgement, and the ability to drive structured uplift across multiple workstreams.
What You'll Lead
Strategic Governance & Advisory
* Provide authoritative advice to the CISO on cyber risk posture, assurance outcomes, compliance obligations, and uplift priorities
* Support executive, board, and ministerial reporting, including risk summaries and accreditation documentation
* Act as a senior escalation point for major vulnerabilities, systemic risks, and control breakdowns
Policy, Frameworks & Compliance
* Maintain and uplift all cybersecurity policies, standards, and procedures
* Ensure alignment with PSPF, ISM, Essential Eight and mandated government frameworks
* Lead the cybersecurity governance framework, ensuring clear accountability and consistent application
Essential Eight & Assurance
* Lead Essential Eight maturity assessments, evidence management, reporting, and remediation planning
* Conduct audits, control assessments, and compliance reviews across operational and project environments
* Track remediation activities and ensure timely closure of findings and vulnerabilities
Cyber Risk Management
* Conduct complex cyber risk assessments across systems, projects, integrations, and third-party environments
* Maintain the enterprise cyber risk register and provide clear reporting to senior leadership
* Recommend risk treatments aligned to organisational appetite and governance expectations
Vendor & Third-Party Security
* Oversee supplier and third-party security assurance
* Review assurance artefacts including pen test reports, certifications, architectural designs, and control evidence
* Embed security requirements into procurement, contracts, and onboarding processes
Accreditation & Documentation
* Produce high-quality accreditation packages, security plans, risk assessments, and audit-ready evidence
* Develop monthly reporting on risk posture, maturity, compliance, and assurance progress
Leadership & Uplift
* Lead governance, risk, and assurance work programs across multiple streams
* Mentor junior staff and uplift internal capability
* Drive continuous improvement based on lessons learned, regulatory changes, and emerging threats
What You Bring
* Deep expertise in PSPF, ISM, Essential Eight, and government security frameworks
* Strong background in cyber governance, risk, assurance, and policy
* Experience advising senior executives and influencing strategic decisions
* Ability to lead complex uplift programs across diverse stakeholders
* Exceptional documentation, communication, and analytical skills
* A steady, authoritative presence during high-pressure or high-visibility situations
Why This Role Matters
This is a rare opportunity to shape the cyber governance foundations of an organisation with national-level responsibilities. Your work will directly contribute to the resilience of systems that support Australia's health operations, especially during times when the country needs them most.
If you're a senior cyber governance and risk professional ready for a meaningful challenge, I'd love to talk.
We are an inclusive employer committed to fostering a diverse and accessible workplace. We encourage applications from Aboriginal and Torres Strait Islander peoples, people with disabilities, LGBTQIA+ individuals, people of all ages, and those from culturally and linguistically diverse backgrounds.