Manager Privacy, Data

Job Description - Manager Privacy, Data & Assurance (0000B142)

Join us to make a difference for all students in NSW

• Ongoing, full-time opportunity
• Close to Wynyard station & hybrid work arrangements available

About the role

Are you ready to make a real impact?

NESA is hiring for multiple roles in our newly established Cybersecurity, Information Assurance, and Data Protection team, and we are looking for passionate professionals to join us.

Led by our Chief Information Security Officer, this is more than a job. It's an opportunity to help shape how data and information security is delivered across NESA, protecting sensitive information and building trust in the services that support students, teachers, and the community.

As Manager, Privacy, Data and Governance, you will have an opportunity to influence strategy, implement robust information security and data governance practices, and protect sensitive information that impacts thousands of students and teachers across the state. You will drive compliance, embed a culture of privacy and security awareness, and ensure cybersecurity is fully aligned with NESA's business and technology objectives.

On a day-to-day basis you will:

• Provide strategic oversight of cybersecurity, privacy, and data governance, aligned with NESA's business and technology goals.
• Foster a culture of security and privacy awareness across the organisation and embed secure practices.
• Oversee records and information governance in line with the State Records Act, GIPA Act, and retention requirements.
• Drive the adoption of enterprise data governance frameworks, including classification, stewardship, access controls, and accountability models.
• Develop and implement a cybersecurity roadmap, overseeing architecture and maturity assessments.
• Monitor and manage cyber/data risks, maintaining risk registers, conducting assessments, and reporting to executive leadership.
• Develop and sustain security and privacy policies and governance structures aligned with NSW Cyber Security Policy, ISM, ISO 27001, and privacy legislation.
• Build strong relationships with senior stakeholders, NSW government agencies and regulators to ensure compliance and best practice.
• Translate complex cybersecurity, privacy, and governance challenges into risk-based, practical advice for business leaders.

Provide clear and regular reporting to the executive team and board-level stakeholders.

Our ideal candidate will have:

• Experience overseeing security frameworks such as ISO 27001 and Essential Eight, as well as data protection and enterprise data governance.
• Knowledge of privacy legislation, including NSW PIPA 1998, HRIPA, and the Privacy Act 1988, with involvement in managing breach notifications and privacy governance.
• Background in leading change and contributing to improvements in cybersecurity and privacy capability within complex environments.
• Senior-level experience advising executives and driving outcomes in large or complex organisations.
• Strong stakeholder engagement skills, with the ability to influence and balance competing priorities.
• Leadership skills to guide, develop and drive performance in high-performing teams.
• Strong stakeholder management expertise, with experience navigating government processes.

Demonstrated experience at a senior level providing authoritative advice to executive leadership.

• Tertiary qualifications in a relevant discipline or equivalent professional experience.
• A valid Working with Children Check (WWCC) clearance for paid employment (prior to commencement, not required at application).

At the NSW Education Standards Authority (NESA) we work with the NSW community to drive improvements in student achievement.

We achieve this by supporting all school sectors with high-quality syllabuses, assessment (including managing the HSC and NAPLAN), teaching standards (e.g., accrediting teachers) and school environments (including setting and monitoring school standards).

To find out more about the important work we do for NSW visit our website.

Ready to join us?

Select apply and attach an up-to-date résumé (maximum 5 pages) and a cover letter (maximum 2 pages). Also address the 2 targeted questions below in your online application:

• This role requires leading the integration of privacy, data protection, records management and cybersecurity functions, while ensuring compliance with strict legislative and regulatory requirements. Provide an example of a time when you successfully managed a complex privacy, cybersecurity, or information governance challenge.
• This role leads and develops a team while building strong collaborative relationships across NESA, other government agencies, and external stakeholders. Describe a situation where you led a team or project to deliver a significant organisational or technology-related change.

If you need reasonable adjustments for the recruitment process and workplace, please reach out to the contact person above.

Close date: 16 September 2025 at 11.59pm AEST

Thank you for your interest, we look forward to receiving your application.

We particularly welcome applications from Aboriginal and Torres Strait Islander people, people with a disability, people of all ages, genders, cultural and linguistic backgrounds, the LGBTQIA+ community, veterans and refugees.

Visa sponsorship is not available for this position. For ongoing roles, you must be an Australian or New Zealand citizen or an Australian Permanent Resident. Australian Temporary Residents may be considered for a fixed term contract for the length of their visa, depending on the requirements of the hiring area and the position.

A Talent Pool (valid for 18 months) may be created for future ongoing and temporary roles.

Sydney Region-Sydney City

Full-time

1

Total Remuneration Package: $149,739 - $173,174 plus employer\'s contribution to superannuation and annual leave loading.

We pay respect to the Traditional Custodians and First Peoples of NSW, and acknowledge their continued connection to their country and culture.