As a seasoned IT Security professional, you will play a vital role in shaping the organization's risk management strategy. Your expertise will be instrumental in ensuring the security and compliance of our systems and data.
About the Role
The IT Security Risk and Compliance Manager is responsible for guiding the Governance, Risk, and Compliance (GRC) team in delivering security governance, risk, and compliance activities. This includes managing reporting to governance forums, guiding third-party risk activities, ensuring compliance activities are performed, undertaking risk assessments, and maintaining information security policies.
* Lead IT Risk Management: Develop and manage cyber risk frameworks, maintain the Officeworks cyber risk register, conduct risk assessments, and follow up with risk mitigation activities.
* Compliance Oversight: Ensure compliance activities related to key regulations such as PCI-DSS and the Privacy Act are regularly conducted.
* Third-Party Risk: Oversee the third-party risk assessment process and assist the team in finalizing assessments.
* Audit & Risk Reporting: Facilitate audits and assessments, and monitor and report on audit findings and remediation activities.
* Security Reporting: Collate and edit regular reporting to senior management and governance forums on the status of security within the organization.
* Quality Assurance: Ensure that IT risks are managed in line with industry best practices.
* Leadership & Culture: Lead a security team, promote a positive security culture, and contribute to change initiatives.
About You
To succeed in this role, you will need:
* Tertiary qualifications in Computer Science, Cyber Security, or a relevant field.
* Relevant industry certifications such as CISSP or CISM.
* 5+ years of IT Security experience, ideally within the retail sector.
* Experience working with and presenting to senior business leaders.
* Expertise in IT risk management frameworks and security control frameworks (ISO, NIST).
* Experience in leading teams.
* Strong communication, presentation, and stakeholder engagement skills.
* Aptitude to lead, guide, and develop team members reporting to you.
* Ability to translate technical security information into business-friendly language.
Our Culture
We celebrate diversity and inclusivity, offering flexible working arrangements, a focus on wellbeing and safety, generous discounts, ongoing training and development opportunities, and a commitment to providing a safe and supportive work environment for everyone.