General Manager Cybersecurity, Technology Risk

Melbourne, VIC, AU, 3000**About John Holland**:
At John Holland, our purpose is simple, we transform lives with everything we do. We’ve always known at its heart infrastructure is about people — our customers, our employees, and the communities in which we work.

That’s our difference. Deep experience and capability with a genuine care about creating better lives for people along the way.

Be part of a team that thrives on rising to the challenge of transforming lives for good.

**About the Role**:
As General Manager Cybersecurity, Technology Risk and Audit, you will be responsible for providing cybersecurity leadership and governance across the organisation in this newly created role. Alignment of cybersecurity and business objectives is essential to inform the cyber program as well as managing to the overarching NIST framework. You will be partnering with key business stakeholders across the company to create an engaged cyber security culture and awareness.

You will work closely with our projects and bid teams to help formulate cybersecurity requirements on bids/ tenders for the business operations and meet client requirements. Your strong knowledge of current state and future vision will help shape planning of the security architecture to support organisational growth.

You will deliver a regular reporting cadence to Executive bodies to inform on the progress of cyber initiatives as well as the general landscape of threats and incidents. You will determine the most effective way of presenting this information, audience dependent, to achieve desired impact and response.

Managing the associated audits across the IT function and closing out actions will fall within your responsibilities as well as managing technology risk on behalf of the function.

People are at the heart of everything we do, so building strong relationships and trust with stakeholders at all levels within the business will be critical to the success of this position.

**What you will do;**:

- Develop and manage the cyber security function and provide leadership & governance within the organisation
- Work closely with corporate and operational business units to build robust BCP / DRP and promote an enterprise perspective to cyber risk
- Oversight of the managed security service provider and associated services
- Develop and oversee the cybersecurity program of work to meet the needs of Executive and Board approved risk posture
- Ensure organisational compliance with cybersecurity policies, standards, regulations and legislations
- Provide regular reporting to Executive and Board on all matters pertaining to cybersecurity including progress against key activities and actions, including presenting to Executive and Board
- Oversee the organisations response to cybersecurity incidents and simulations and contribute to the organisations BCP and DRP processes
- Implement processes and communications to uplift the cybersecurity culture and awareness of the organisation
- Accountable for third party risk management framework, working with partners, customers, regulators to ensure protection of critical assets and customer and employee information
- Work closely with tender teams and projects to ensure cyber requirements are evaluated and achieved for both IT and OT
- Management of all IT audits and associated actions and reporting
- Active management of IT risk and reporting into the risk tracking system
- Develop the internal team to enhance their knowledge and skills

**What we are looking for;**:

- Bachelor’s Degree in Commerce / Engineering / Computing related field or other relevant qualifications and / or relevant work experience within the industry
- 10+ years of senior management experience across multiple large, complex organisations leading Cybersecurity, Risk and Audit functions
- Demonstrated experience in building a cybersecurity function and capability
- Experience in establishing and delivering cybersecurity uplift programs / roadmaps
- Demonstrated experience in managing enterprise wide cyber security incidents
- Demonstrated experience building cyber security capability for both IT & OT
- Extensive experience in reporting to C-level executives and Board members
- Strong ability to influence senior leaders and build trust
- Strong knowledge of NIST, ISO 27001 and Essential 8
- Strong understanding of security architecture
- Budget and risk management experience
- Strong people leadership skills

**As part of the team, you help us deliver on our promise to transform lives.**:
Your success is reflected in ours, so we’re committed to being an employer of choice. We pride ourselves on having a diverse and inclusive workplace, as different perspectives and ideas will deliver our long-term success.

We want you to be with us for the long-term, so providing you with rich career experiences and ongoing development is our priority.

**What’s in it for you when you join John Holland?**:
We’re about connecting your sense of