About the Company
Technology is the backbone of our business.
Our team solves complex problems daily, helping thousands of team members succeed and making life easier for millions of customers.
Our Business Protect and Secure by Design team is essential for understanding business initiatives and assessing their cyber security impact, providing strategic and security recommendations to integrate security into strategic planning and execution.
About the role
Reporting to the Head of Business Protect and Secure by Design, this role integrates and reviews security controls throughout the project and technology delivery life cycle.
We seek a proficient Security Principal to champion a Secure by Design approach, act as the primary contact for key stakeholders, build trusted relationships, and uplift cyber posture while aligning security solutions with business needs.
This role has an ASAP start and is a 12-month initial contract with potential for extension based on performance and capacity.
Responsibilities
Lead threat modelling and cyber security impact assessments for new projects and system changes.
Identify security weaknesses and develop mitigation strategies.
Drive continuous improvement initiatives within the Secure by Design domain.
Guide project managers and key stakeholders to ensure effective implementation of security controls throughout the project and technology life cycle.
Build and implement stakeholder management strategies, using targeted communication to achieve common goals.
Design and deliver communications for stakeholders up to Chief, GM, and Heads of level.
Participate in risk assessments and audits, monitoring the effectiveness of cyber controls and compliance with internal policies, regulations, and industry standards.
The successful candidate will possess:
Exceptional communication and interpersonal skills to clearly convey security risks, requirements, and recommendations to both technical and non-technical audiences.
Ability to drive business outcomes while identifying and managing cyber risk and compliance.
Expertise in conducting risk assessments, with a deep understanding of security reference architectures and up-to-date knowledge of the latest cyber security threats, vulnerabilities, and technologies.
Extensive experience (10+ years) in designing, implementing, and managing security controls within complex technology environments.
Experience in DevSecOps Transformations, OT Security, Payment Security, or AI is desirable.
Ability to lead and influence senior stakeholders and collaborate across the broader Group Cyber and Technology teams to meet business needs while managing cyber risk.
Familiarity with industry standards and best practices, such as NIST Cybersecurity Framework, ISO 27001, CCM (Cloud Controls Matrix), Essential 8 controls, PCI-DSS, Privacy legislation, and OWASP.
Relevant cyber security certifications, such as CISSP, CCSP, CISA, CISM, CRISC, SABSA, or other industry-recognised certifications are highly desirable.
For more information or a confidential discussion, please contact Abi Morton on +61 3 8080 7207 quoting reference 264768.
To apply please click the 'Apply Now' button.
#J-18808-Ljbffr