Head of Security Risk

Are you looking for an awesome place to work, where you can proudly be your authentic self, and be part of #oneteam?
We are looking for a passionate team player who aligns with our values and culture, takes pride in their unique contributions, and can challenge the status quo with disruptive thinking. If this sounds like you, come and join us
The Opportunity
We have an exciting opportunity to join Vocus as The Head of Security Risk and Governance in our team in either Melbourne, Perth or Sydney office. this role will provide strategic direction and authoritative oversight of Vocus’ security governance, risk and compliance (GRC) functions.
The role ensures that Vocus security policies, controls, and risk practices remain robust, transparent, and responsive to evolving regulatory, compliance, and threat landscapes.
What you’ll be doing day-to-day
By harmonising strategic priorities with established frameworks and embedding risk reporting, awareness and accountability into decision-making processes, the Head of Security Risk and Governance strengthen our internal security risk management practices, ensure public trust through the management of audits, enhance market credibility by maintaining our accreditations, and uphold Vocus’ values.
This position is also accountable for Vocus’ physical in conjunction with facilities and network operations, and personnel security including the management of clearance holders in support of our Defence Industry Security Partnership (DISP) accreditation.
This position will foster a high-performance culture of ethical leadership and continuous improvement, influence key stakeholders, lead security GRC reporting and build Vocus’ capability to support sustainable, risk-informed business outcomes.
This role may require occasional after-hours engagement to manage emerging incidents or compliance deadlines. Also have potential interstate or international travel to liaise with regulators, auditors, and industry networks.
This role operates within a complex, matrixed environment that demands agility, cross-functional collaboration, and alignment with broader strategic initiatives.
What you’ll bring to this role
Required Skills & Competencies
- Demonstrated experience and shaping and maintaining integrated security risk management, compliance and governance frameworks, ensuring alignment with organisational priorities, regulatory requirements, and industry standards.
- Expert knowledge of relevant regulatory and compliance frameworks, including NIST, ISO27001:2022, DISP, ISM, PCI-DSS and PSPF; and the ability to adapt strategies in response to evolving legislative and industry landscapes.
- Proven ability to lead large-scale, cross-functional initiatives that drive secure-by-design principles, policy optimisation, and effective control implementation.
- A track record of fostering a risk-aware culture, embedding systematic risk assessment, scenario planning, and clear reporting into critical decision-making processes.
- Evidence of strong stakeholder engagement, influencing senior executives, legal, compliance, audit, and finance teams to support well-informed and transparent governance outcomes.
- Advanced analytical and problem-solving capabilities, with the capacity to interpret complex data, metrics, and reports to inform strategic actions; as well as the ability to drive management, board and operational reporting.
- Strong communication, negotiation, and influencing skills to build trust and collaboration across diverse teams and functional areas.
- Demonstrated proficiency in policy development, security control optimisation, and risk assessment methodologies, combined with the capability to translate findings into actionable recommendations.
- Able to lead internal and external audits and ensure that any findings are implemented.
- Demonstrated capability to lead, mentor and build high performance teams.

Desirable Skills & Competencies
- Familiarity with enterprise risk management tools, GRC (Governance, Risk & Compliance) platforms, and emerging security technologies. Experience in GRC policy-as-code and GRC automation will be highly regarded.
- Security risk quantification methodologies such as FAIR. Experience in adapting these methods to Board level reporting will be highly regarded.
- Experience engaging directly with regulators, industry bodies, and auditors, shaping external perceptions and reinforcing organisational credibility.
- Knowledge of supply chain security frameworks and global best practice to further integrate governance measures throughout the extended enterprise environment.
- Practical experience with the Protective Security Policy Framework (PSPF) would be highly regarded.

Qualifications & Education
- Bachelors in cyber security, information assurance, risk management, law, business administration or a related field; a postgraduate qualification is advantageous.
- Relevant professional certifications (e.g., CISA, CRISC, CISSP, CISM CGEIT) preferred, i