Cyber Security GRC Team Lead

Racing and Wagering Western Australia (RWWA) is at the heart of WA's racing and wagering industries. As a government trading enterprise, we regulate and develop the State's racing sector and operate the TAB – a multifaceted wagering business with a presence across more than 300 retail outlets and a growing digital platform.

About Us

RWWA is at the heart of WA's racing and wagering industries. As a government trading enterprise, we regulate and develop the State's racing sector and operate the TAB – a multifaceted wagering business with a presence across more than 300 retail outlets and a growing digital platform. Our work protects the integrity of racing and wagering, strengthens industry sustainability, and delivers value to the WA community. We are proud to be an organisation driven by our values of Respect, Accountability, Connection, and Excellence.

Job Description

About the Role
We have an exciting opportunity for an experienced Cyber Security GRC Team Lead to join our Technology Division. This is a newly created role, reflecting our commitment to maturing and embedding governance, risk, and compliance practices across the organisation's cyber security function.

Reporting to the Head of Cyber Security, you will develop and maintain RWWA's cyber security policies, frameworks, manage cyber risk registers, coordinate audits, and track compliance against regulatory obligations and frameworks such as NIST CSF 2.0 and the WA Government Cyber Security Policy.

This leadership role blends strategic oversight with hands-on coordination, working closely with the Cyber Security Operations and Engineering Team Leads to ensure security controls are governed effectively, risks are understood and addressed, and a strong cyber risk culture is embedded across the organisation.

In this pivotal role, you will:

• Lead the development, maintenance, and promotion of cyber security policies, standards, and guidelines.
• Oversee cyber risk management processes, including risk identification, analysis, treatment, and maintenance of the cyber risk register.
• Manage internal and external audit activities, collect evidence, track remediation, and ensure ongoing compliance with frameworks and regulatory obligations.
• Establish and manage third-party cyber risk assessment processes in collaboration with Procurement, Legal, and Technology stakeholders.
• Consolidate and report on cyber performance, risk indicators, and assurance findings for executive and governance audiences.
• Partner with the Data and Information Governance team to ensure alignment with data classification, retention, and privacy requirements.
• Foster a culture of learning, accountability, and collaboration.

Qualifications

About You
You are an experienced cyber security professional with the capability to lead governance, risk, and compliance activities with a practical and outcome-focused approach. You have the skills to embed governance practices, manage risk, and support compliance in a changing environment. You are comfortable working with frameworks and legislation, and able to communicate security requirements clearly and effectively to stakeholders at all levels of the business.

In this role, you will bring:

• Demonstrated experience developing and managing policy frameworks aligned to organisational, regulatory, and industry requirements.
• Proven ability to maintain cyber risk registers, conduct risk assessments, and manage treatment plans effectively.
• Strong knowledge of NIST CSF 2.0 and the WA Government Cyber Security Policy, with experience in tracking and reporting compliance.
• Demonstrated experience leading internal and external audits, including evidence collection, control effectiveness reviews, and remediation tracking.
• Strong capability in assessing vendor and third-party cyber risk, working collaboratively to mitigate exposures.
• A proven track record of uplifting cyber awareness, influencing behaviours, and embedding security into business decision-making.
• Demonstrated ability to simplify complex concepts, engage stakeholders at all levels, and present compelling insights to governance forums.
• Industry experience in cyber security, with the ability to demonstrate leadership and technical depth. A tertiary qualification in information technology or cyber security, and/or relevant professional certifications, will be highly regarded.

Additional Information

Why Join Us?
At RWWA, we are strengthening our cyber security function with a focus on practical governance, risk, and compliance. This newly created role provides the opportunity to shape how cyber risk is managed across the organisation and contribute directly to our ongoing security maturity.

You'll be part of a collaborative and inclusive team where your expertise is valued, your input helps guide decisions, and your professional growth is supported.

We offer:

• Real influence – help embed governance practices that strengthen our cyber resilience.
• Flexibility that works for you – hybrid work options, flexible hours, and the tools to work effectively anywhere.
• Investment in your growth – a personal learning & development budget, and access to leading tools and training.
• A workplace built for people – brand-new offices with wellness spaces, end-of-trip facilities, and modern collaboration zones.
• Recognition that matters – competitive remuneration, employee discounts, and reward programs that celebrate your achievements.
• Purpose and pride – play a critical role in safeguarding an organisation with deep roots in the WA community.

Ready to Apply?
Click "Apply Now" and submit your CV along with a brief cover letter outlining why you're the right fit for this role. For further information, please contact our Talent Acquisition team at

At Racing and Wagering WA, we recognise that we are strengthened by diversity of gender, thought, experience, and ethnicity. We are committed to providing a safe work environment and making reasonable adjustments in which everyone is included and treated fairly. We are an Equal Opportunity Employer and encourage women, people of Aboriginal and Torres Strait Islander descent and people from diverse backgrounds to apply.

Domain: Seniority level – Mid-Senior level