Cyber Security GRC Senior Manager

About Laing O'Rourke

Laing O'Rourke is a $6 billion international operation with 70 years of involvement in Australian construction and infrastructure, including nearly two decades under the Laing O'Rourke banner. The business delivers projects as diverse as the environments in which they are built, from high security military bases and major rail transport infrastructure projects, through to landmark buildings at the transport interface. Laing O'Rourke owns Australia's fourth largest plant and equipment hire company called Select Plant Australia. We know the right culture combined with purposeful technology will help us meet demand and deliver certainty for our clients. That's the #powerofexperience.

About the Role

Laing O'Rourke is currently seeking a Cyber Security GRC Senior Manager to join our dynamic team in Sydney. This role primarily focuses on managing a global team to develop and maintain the cyber security risk management framework, identifying and assessing cyber risks, developing and implementing cyber security policies and procedures, as well as ensuring ongoing compliance with cyber certifications and relevant regulations.

Key Responsibilities

• Develop the cyber risk assessment methodology/framework to manage, track and report on cyber security risks in line with the business risk tolerance.
• Manage the renewal of all cyber security certifications the business must maintain for client bids and projects by engaging and working with the relevant internal teams and governing bodies.
• Work with Laing O'Rourke's business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
• Provide support, training and guidance to the cyber security team on cyber risk management practices and processes.
• Participate in the plan, design and enhancements to processes to assess and measure ongoing supplier security compliance.
• Oversee interaction with cyber security auditors (internal / external) and regulators and third parties.
• Understand potential and emerging cyber security threats, vulnerabilities, and control techniques and the trade-offs required to manage the different levels of risk appetite and risk exposure across the global business.

About You

• Minimum 8-10 years of experience in a combination of risk management, enterprise information security and/or cyber security functions.
• Proven track record and experience with security frameworks, standards and best practices for compliance (NIST, ISO27001, NCSC Cyber Essentials, ACSC Essential 8).
• Proven track record and experience in creating and maintaining cyber threat models and risk management frameworks in a global corporate environment.
• Knowledge of best practices of IT security hardware and software, security suites, identity and access management.
• CISSP, CISM, CISA, CRISC strongly preferred.
• Minimum 5 years of managerial or supervisory experience leading multiple teams in a global environment.

Benefits

We work hard to create an environment that brings out the best in our people. We believe in building careers through providing a safe, connected and innovative culture that supports ongoing growth and development. We offer industry-leading benefits such as specialised learning and development programs, a mental health and wellbeing program, industry leading paid parental leave policy, an additional purchased leave option and coaching programs for staff on parental leave.

Diversity & Inclusion

We are committed to building a workforce that reflects the diverse society in which we live and work. Laing O'Rourke is proud to hold the Workplace Gender Equality Agency (WGEA) Citation - Employer of Choice for Gender Equality.

Laing O'Rourke actively supports a diverse workforce and strongly encourages applications from Aboriginal and Torres Strait Islander Peoples and people from culturally diverse backgrounds. Download our Stretch Reconciliation Action Plan at

https://www.laingorourke.com/company/diversity-and-inclusion

Applications from recruitment agencies will not be considered.