[Only 24h Left] Senior Security Risk Reporting Specialist

Senior Security Risk Reporting Specialist

The Senior Security Risk & Reporting Specialist is a pivotal role responsible for developing, managing, and maintaining the end-to-end security risk management processes. This includes policy exceptions and exemptions, maintaining the security risk register, and supporting security risk assessments. The specialist will develop and maintain a security risk reporting framework, implement a cyber risk quantification capability, and provide regular executive-level reporting on security outcomes. This role requires cross-collaboration with personnel, physical, and cyber/information security topic areas to ensure a cohesive end-to-end analysis, identification, management, and reporting of security risks and issues.

The team

APRA is embarking on an ambitious program of change incorporating cloud, data, digital and security initiatives. This has created the opportunity to join a small but growing Security team within the Technology, Data and Security division. The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF). The team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy. Key stakeholders include the CIO, CDO, CRO, Enterprise Architecture and IT Governance, as well as the Business Divisions, People and Culture, Procurement and Project Management Office.

Key responsibilities

- Lead the development, management and maintenance of security risk management and reporting processes, including policy exceptions and exemptions.

- Proactively maintain and manage the security risk register and support security risk assessments.

- Ensure cohesive end-to-end analysis, identification, management, and reporting of security risks and issues through cross-collaboration with personnel, physical, and cyber/information security teams; as well as broader teams in Technology and Data, Project Management Office, People and Culture and Procurement.

- Lead the coordination and management of government reporting (e.g., PSPF, E8, response to government directives).

- Develop and maintain the security risk reporting framework, including the implementation and ongoing management of a cyber risk quantification capability.

- Support the CISO by providing regular executive-level reporting on security outcomes, including development of executive papers and data-driven metrics.

- Contribute to strategic security analysis and planning to enhance the overall security framework, execution of security objectives and resolution of gaps.

- Proactively contribute to and support broader direct team outcomes.

To work with us

To work with us you must be an Australian citizen with eligibility to gain a NV1 clearance through the Australian Government Security Vetting Agency.

About you

- Proven track record in security risk management and reporting.

- Proven track record in maintaining security risk registers and supporting security risk assessments.

- Experience in developing and maintaining security risk reporting frameworks and implementing cyber risk quantification capabilities.

- Experience in providing executive-level reporting, including executive papers and data-driven metrics.

- Experience in coordinating and managing government reporting, such as PSPF and E8.

- Strong knowledge of security risk management principles and practices.

- Strong understanding of security controls and compensating controls.

- Proficiency in risk assessment methodologies and tools.

- Ability to develop and maintain comprehensive security risk reporting frameworks.

Familiarity with cyber risk quantification techniques e.g. FAIR.

About APRA

Australian Prudential Regulation Authority (APRA) is an independent statutory authority supervising almost 1,200 financial institutions and overseeing $8.6 trillion in assets for Australians. APRA seeks to recruit, develop and retain highly skilled professionals to shape financial services and protect the financial wellbeing of the community.

Why Work for APRA

APRA rewards skilled professionals, supports wellbeing, and cultivates an inclusive workplace where everyone belongs, feels valued and respected. The commitment to wellbeing is reflected in engaged people supported by resilient leaders and a values‑aligned culture. APRA fosters diversity of background, thought, and experience, recognising that a broad range of perspectives enables us to better protect the financial wellbeing of the Australian community.

To apply

To apply, please visit our Careers Page at www.apra.gov.au. For further information or assistance, please email talent@apra.gov.au.

#J-18808-Ljbffr