Manager, Information Security

The Information Security Manager is
responsible for overseeing the cybersecurity
portfolio for QUT, including managing
information security activities across the
organisation. This role will be the key link
between strategic planning and operational
execution, ensuring that QUT stays ahead of
the cyber threat landscape and manages
organisational risk in a cost effective manner.

The person will contribute to the development
of organisational strategies that address
information security risk through proactive
control development. This development is
guided by an overarching information security
strategy that has planned (and fully funded)
initiatives for the next three years. The
information security manager will be
responsible for translating this strategy into
action and reporting the success of these
efforts to the wider organisation.

The role will proactively work with University
and IT leadership, the Project Management
Office and the information security team to
ensure the portfolio of cybersecurity
capabilities are being managed and employed
effectively. The person must understand IT at
an enterprise level and how risk management
frameworks can be employed to secure this
technology in support of university outcomes.
As part of the role, the Information Security
Manager will stay up to date on the latest
developments in the threat landscape, as well
as industry policies and processes, such as
NIST CSF, ISO27001, IS18 and the ISM.

This position reports to the Associate Director,
Information Security for supervision, workload
management and for Performance Planning
and Review (PPR).

**Key responsibilities include**:

- Acquire and manage the necessary

resources, including financial resources,
and key security personnel, to support
information security goals and objectives to
reduce overall organisational risk.
- Oversee the information security budget,

staffing and contracting.
- Collect and maintain data needed to meet

system cybersecurity reporting.
- Ensure that improvement actions are

evaluated, validated and implemented as
required.
- Ensure that protection or detection

capabilities are acquired or developed
using the information system security
engineering approach and are consistent
with organisation level cybersecurity
architecture.
- Ensure that plans of actions and milestones

or remediation plans are in place for
vulnerabilities identified during risk
assessments, audits or inspections.
- Continuously validate the organisation

against policies, guidelines, procedures,
regulations and laws to ensure compliance.
- Ensure that all acquisitions, procurements

and outsourcing efforts address information
security requirements consistent with
organisational goals.
- Serves as the deputy to the Associate

Director Information Security (CISO).
- Manages and leads personnel within the

information security team.
- Compliance with health and safety policies,

procedures, hazard reporting and safe work
practices.

To ensure job flexibility the successful
- appointee may be required to:
- perform any other duties as nominated by

the University consistent with the relevant
classification descriptors detailed in the
Enterprise Agreement. Staff undertaking
any new duties will receive training;
- participate in job rotation or multiskilling in

consultation with their supervisor;
- work across campuses

**Type of appointment**
This appointment will be offered on an
ongoing, full-time basis.

**Location**
Kelvin Grove campus.

Selection Criteria
1. Education training or relevant experience

in information security, such as the
completion of postgraduate qualifications,
or equivalent experience with at least 6
years’ experience working within in
Information Security, ideally in a complex

environment.
2. Broad technical knowledge of information

technology, business operations, project
management, governance risk and
compliance, and the Information Security
threat landscape.

3. Proven track record and experience in
implementation of information security
projects or control development, that
contributed to a well-known framework
(ISO 27001, ISM, NIST).

4. Ability to motivate and lead people to
achieve tactical and strategic information
security goals.

5. High level of personal integrity, as well as
the ability to professionally handle
confidential matters and show an
appropriate level of judgement and
maturity.

6. Excellent written and verbal
communication skills, interpersonal and
collaborative skills, and the ability to
communicate information security and risk
- related concepts to technical and non
- technical audiences at various hierarchical
levels, ranging from senior managers to
technical specialists.

**Remuneration and Benefits**
- The classification for this position is Higher
- Education Worker Level 10 (HEW10) which
- has an annual remuneration range of $150,440
- to $168,264 pa. Which is inclusive of an annual
- salary range of $127,124 to $142,185 pa, 17%
- superannuation, and leave