VelaAPX is a portfolio of mission-critical software businesses serving specialised industries worldwide. Part of Constellation Software Inc., we acquire and grow software companies across a variety of verticle markets. We provide our businesses with operational expertise and capital to drive sustainable growth and deliver exceptional solutions to customers globally.
We're committed to building a world-class security function that protects our diverse portfolio while enabling innovation across our global operations.
About the Role
We're seeking an experienced Senior Security Advisor to join our growing team and play a pivotal role in building our cyber security function from the ground up. Reporting directly to the CISO, this is a mission-critical position that will shape how we approach risk, compliance, and security across our entire portfolio of businesses.
This role is approximately 60% technical (security engineering and architecture) and 40% GRC. It blends hands-on technical security consulting with governance and assurance expertise to operationalise security frameworks that make real impact. If you're ready to move beyond checkbox compliance and build something meaningful, while keeping your hands on the technical work, this is your opportunity.
Location Flexibility:
Brisbane, QLD preferred (Australia-wide with hybrid flexibility considered for the right candidate)
What You'll Do Technical security consulting and architecture (≈60%)
* Provide expert technical guidance on security engineering, architecture, and operational controls across the portfolio
* Bridge the gap between technical teams and business stakeholders, translating real-world risk into actionable engineering and architecture decisions
* Partner with business unit technical teams on secure-by-design reviews, infrastructure hardening, and incident-response readiness
* Assess and advise on technical security controls across cloud, network, identity, endpoint, and application layers
Governance, risk, and compliance (≈40%)
* Operationalise risk frameworks: design and implement risk management processes that align with business objectives across multiple industry verticals
* Drive compliance initiatives across international standards including ISO 27001, SOC 2, NIST CSF, and ISO 42001
* Establish and manage vendor and third-party security risk assessments
* Help establish security policies, procedures, and best practices as we scale our security capabilities
* Work with business teams across VelaAPX's portfolio of companies, sharing knowledge and driving consistency
What We're Looking For Must-Have:
* 4–6 years of professional cyber security experience with a strong foundation in security engineering and architecture, plus working GRC fluency
* Hands‐on technical exposure across security engineering disciplines (cloud, identity, network, endpoint, application security)
* Practical experience operating against frameworks: NIST CSF, ISO 27001, and SOC 2
* Proven experience in vendor risk management and third-party security assessments
* Strong consulting and stakeholder skills: ability to translate complex security concepts for diverse audiences
* Detail‐oriented and comfortable building processes from scratch in ambiguity
* Comfortable working with different teams globally and adapting communication style across cultures
Nice-to-Have:
* Professional certifications (CISSP, CISM, ISO 27001 Lead Auditor, or similar)
* Exposure to ISO 42001 and AI / model governance considerations (advantageous but not required, AI governance is not in this role's scope, but understanding the landscape helps)
* Blue‐team, red‐team, penetration‐testing, or offensive‐security background
* Experience working in multi‐company or portfolio environments
* Background in software‐industry security challenges
* Familiarity with cloud security frameworks (AWS, Azure, GCP)
Why Join Vela APX
* Career Growth: Clear path to team leadership as we expand our security function
* Learning & Development: Access to training programs, industry conferences, and professional certifications
* Flexibility: Hybrid work model (minimum 3 days in office); Brisbane preferred, Australia-wide considered for the right candidate
* Travel Opportunities: 15–20% travel to collaborate with teams across Australia and internationally
* Impact: Build and shape security practices across VelaAPX's portfolio of companies in diverse industries
Ready to Apply?
We'd love to hear from you! If you're passionate about building security programs that balance hands‐on technical work with governance, and you're excited about shaping the future of cyber security in a dynamic, fast‐growing organisation, apply today via Seek or LinkedIn.
#J-18808-Ljbffr