IT Security, Risk and Compliance Manager

8 hours ago


Geelong, Australia City of Greater Geelong Full time

**IT Security, Risk and Compliance Manager**
**Job no**: 497812

**Work type**: MSP Contract

**Classification**: MSP

**Categories**: Information Technology

**Create our future together at the City of Greater Geelong**
At City of Greater Geelong, we are committed to working together for a thriving community. We do this by delivering over 130 services to our rapidly growing population and working hard to protect and improve what it is that makes Greater Geelong on Wadawurrung country such a great place to live, work and study.

We’re going through an exciting period of change that will help us serve our community better. From digital modernisation to the contemporary, sustainable office we've built in Central Geelong, now more than ever is a great time to join our team at the City of Greater Geelong.

Our Community is made up of diverse people from all walks of life, and it’s important to us that our workforce represents and celebrates this strength.

We encourage great people from all backgrounds to join us. We encourage authenticity, because inclusion makes us stronger.

If you’re excited about working together to create a Clever and Creative Greater Geelong, and joining a workplace where all people can thrive, then hit **apply** - we’d love to meet you.

**About the role**

Key responsibilities include:

- Partner with the business to provide security, risk and compliance advice on technology-related matters, including cyber security.
- Responsible for leading the delivery and uplift of the City’s Information Security, Risk and Control capability maturity, including the management and execution of key security initiatives/projects.
- Management of IT security, working with other IT teams to ensure the protection of IT assets & information as well as the prevention and management of breaches.
- Monitoring the external threat environment for emerging threats, conducting system security and vulnerability assessments and working with stakeholders on the appropriate course of action.
- Managing and containing security incidents and events to protect IT assets, data, and limit operational impacts including the coordination of incident response plans to ensure that business-critical services are recovered in the event of a security event.
- Managing the process of gathering, analysing, and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the environment.
- Developing a security vision, strategy and roadmap that is aligned to business priorities and enables and facilitates the business objectives aligned to the risk appetite by determining enterprise-wide security requirements, including new IT investments required to protect our assets.
- Leading IT risk identification, IT risk management, and appropriate risk mitigation strategies including the reporting of IT risks and associated information both at an operational and strategic level.
- Working collaboratively with business and IT stakeholders to understand and facilitate security risk assessments and risk management processes both to optimise enterprise risk and to empower stakeholders to own and accept the level of risk they deem appropriate for their specific risk appetite.
- Establish and maintain a governance framework for IT Security, Risk and Compliance within the City and provide a point of contact to business and technology teams on security governance requirements.
- Act as a key point of contact for stakeholder engagement across the business, technology, and external vendors, while demonstrating a strong ability to independently engage and develop stakeholder relationships.

**About you**
To be successful in this role, you will have knowledge of common information security management frameworks, such as ISO/IEC 27001, ASD, COBIT and NIST.

Essential Experience:

- Bachelor's degree in computer science, information systems, or other relevant discipline
- Minimum of 5 years’ experience within IT, security and risk
- Minimum of 2 years’ experience in an IT Security Management role
- Practical hands-on experience working within Information Security, IT Risk and related technology governance frameworks
- Knowledge of enterprise information and cyber security processes, concepts, and best practices; exposure to public cloud models is desirable.
- Exposure to a broad range of IT functions and disciplines, with a strong working knowledge of IT governance and/or information governance.
- Regulatory compliance knowledge including PCI, VPDSF as well as knowledge and experience of network and infrastructure security and vulnerabilities.
- Experience across other security areas including penetration testing, security architecture or design and security governance including hands-on experience implementing security solutions.
- Relevant security certifications are beneficial, such as CISA, CISM, CISSP, SASA, ISO27K, or related IT Governance certifications such as COBIT
- IT Risk


