Job Description
Role and Responsibilities:
Enterprise Risk Management
* Maintain and enhance Equis' enterprise risk management framework, making appropriate recommendations to the management, including the Equis Risk and Governance Committee.
* Oversee the management of corporate, project, and asset risk registers, including facilitating regular risk reviews. (Ensure the risk management framework is being properly applied so that strategic, operational, and regulatory risks are identified, assessed, controlled, and monitored.)
* Report emerging risks and key exposures to the Risk and Governance Committee.
Critical Infrastructure Risk Management Program (CIRMP)
* Lead the ongoing implementation management, review, and continuous improvement of the company's CIRMP in accordance with the Security of Critical Infrastructure Act 2018 (Cth) and associated Rules.
* Ensure all documents required under the CIRMP are properly maintained and applied.
* Coordinate with asset owners, operational leaders, cyber security, and resilience teams to maintain and update the CIRMP risk register, controls, and assurance activities.
* Work with the Compliance and Corporate Governance Manager to oversee the annual review and board attestation processes for the CIRMP, ensuring all required documentation, evidence, and reporting are complete and compliant.
* Facilitate internal audits and assurance reviews of CIRMP controls, reporting on effectiveness and identifying improvement opportunities.
Internal Audit
* Develop and deliver a risk-based internal audit program specific to an owner and operator of assets connected to the National Electricity Market, and an energy retailer.
* Perform end-to-end audits covering operational and regulatory compliance processes.
* Assess the effectiveness of internal controls across all risk areas of the business (e.g., HSE, CIRMPs, Regulator-issued licences and approvals, ESC Victoria's Energy Retail Code of Practice).
* Report audit findings to management and the Risk and Governance Committee.
* Track and ensure timely implementation of audit recommendations.
Regulatory and Compliance
* Lead internal control testing on compliance risks associated with key regulatory obligations, including (but not limited to) obligations under the Essential Services Commission (ESC) Victoria; Australian Energy Regulator (AER); National Electricity Rules (NER); National Energy Retail Rules (NERR); Victorian Payment Difficulty Framework and life support obligations; and Department of Home Affairs.
* Work with the Legal, Compliance and Risk team to monitor and assess changes to legislative, regulatory, and threat environments that may affect the Equis Australia's risk profile and provide timely advice and recommendations to management.
* Develop and deliver risk awareness, training, and communication activities to support compliance with CIRMP and other risk-related obligations across the business.
* Liaise with regulators and government agencies as required in relation to relevant regulatory compliance, incident reporting, and information requests.
Advisory and general business support
* Manage the procurement and implementation of risk management software.
* Provide input as required to budget processes.
* Provide advice on risk and controls for strategic initiatives.
* Promote a risk-aware culture through training and business engagement.
* Present insights and recommendations to the Equis Australia Risk and Governance Committee and Global Audit and Risk Committee (as appropriate).
Job Requirements
Skills & Qualifications Essential
* Tertiary qualification in risk management, law, information security, or a related discipline.
* 6 years + experience in risk management, internal audit, or compliance within a regulated or critical infrastructure industry. Energy experience strongly preferred.
* Strong understanding of the Security of Critical Infrastructure Act 2018 (Cth), associated Rules, and regulatory reporting requirements.
* Proven ability to design, implement, and maintain enterprise risk management and assurance frameworks.
* Excellent analytical and problem-solving skills with the ability to interpret complex regulatory and technical information.
* Strong communication and stakeholder engagement skills, including the ability to influence across all levels of the organization.
* High level of integrity, discretion, and sound professional judgement in handling sensitive and confidential information.
* Demonstrated ability to manage multiple priorities and deliver outcomes under tight timeframes.
Desirable
* Professional certification in risk management, legal, audit, or governance.
* Experience developing or managing a CIRMP (or related risk management program).
* Knowledge of electricity market frameworks, the National Electricity Rules (NER), and relevant AEMO or AER compliance obligations.
* Familiarity with cyber and physical security risk management principles and frameworks.
* Experience preparing reports and assurance documentation for regulators or government agencies.