IT Cyber Security Manager

An exciting opportunity for a seasoned cyber security leader to lead the cyber roadmap and enhance the cyber maturity for Victoria's largest infrastructure project
- 3-year fixed term, full-time role with hybrid working arrangements (Melbourne CBD office/working from home)
- Attractive VPS STS salary between $175,731 - $238,997 per annum + 10.5% superannuation

About the opportunity
Reporting to the Chief Information Officer, you will play a pivotal role in:

- Leading the ongoing development and implementation of the cyber security program and roadmap, ensuring compliance with cyber security policy, standards and regulations to protect the organisation's information assets from cyber threats
- Translating cyber security concepts and language into business concepts and language to ensure that business is informed when planning new business projects
- Fostering partnerships with the internal teams to ensure business needs and priorities are understood and aligned to the cyber security framework
- Advising on cyber security aspects in procurement and contract management activities, through the assessment of security checklists, certifications and security assurance reports
- Coordinating and overseeing response to cyber security incidents and bringing clarity to the situation with an effective plan to respond
- Leading and reporting on cyber security matters to Management, Executives and Board as required, including the organisation's security risk profile, planned cyber security uplift activities, and recent cyber security incidents
- Leading the cyber security awareness training program to actively uplift security awareness and culture
- Leading the development of organisational standards and guidelines in compliance with the Victorian Protective Data Security Standards (VPDSS), requiring hands-on and technically proportionate responses to vulnerability management information, including configuration changes and implementations of patches
- Leading the management of the combined Information and ICT security register, utilising the Victorian Protective Data Security Framework (VPDSF) to manage security risks across the organisation to achieve VPDSF attestation and meet its goals for cyber risk
- Chairing the internal Security Working Group, ensuring that security risks across the organisation are being formally managed and reported to Executive and Board
- Advising senior stakeholder groups across the organisation and externally on appropriate governance and management practices for security controls and risks
- Informing and contributing to business continuity and disaster recovery planning to improve business resilience and ensure the continued operation of business-critical processes

About you
- Deep understanding of cyber policy, risk and governance formulation and management
- Extensive experience of cyber security risk mitigation strategies and cyber assurance frameworks
- Experience engaging in security architecture discussions, decisions and implementation of cyber security controls
- Ability to think at a big-picture level as a technical expert, entertain wide-ranging possibilities in developing a roadmap to the organisation's cyber maturity, work across several timeframes and translate strategic direction into day-to-day activities
- Ability to draw on a range of cyber security information sources to identify innovative ways of achieving organisational maturity in the cyber security space, actively influencing and promoting ideas, and translating cyber security innovations into workplace improvements
- Ability to formulate and communicate cyber security policies and recommendations, and demonstrate and understand major legislation on information security and privacy related to the Australian Privacy Act, VPDSS or similar
- Ability to convey cyber security initiatives in a clear and interesting way and prepare reports and briefs for the Executive and Board
- Ability to deliver logical and engaging training to all levels of the organisation to educate and ensure the cyber integrity of the organisation is upheld
- CISM, CISSP, CRISC or CISA certification (desirable)
- Experience and understanding of IT security policy and standards (desirable)

About us
Suburban Rail Loop (SRL) is a city and state-shaping project that will transform Victoria's public transport system, connecting our suburbs and creating opportunities in great places. The 90-kilometre Loop will link every major rail line from the Frankston line to the Werribee line, via Melbourne Airport, better connecting Victorians to jobs, retail, education, health services and each other.
Beyond the rail infrastructure and cross-suburb travel connections, over time SRL will reshape Melbourne from a city centred around a single CBD to a ‘city of centres' - attracting more businesses and people to the broader station areas and creating more jobs in Melbourne's middle suburbs closer to where people live. Local initiatives will include new and impro