Protective Security Risk

Interacting with the Executive, senior management, and key regulators.
- Executive interaction as well as electronic security technical and/or specialist

**Position Vacant**:
**Protective Security Risk and Governance Manager (Sydney CBD Based)**

**The Employer**:
With this opportunity we represent the largest distributor of electricity on Australia’s east coast, providing power to 1.8 million customers and powering 60% of NSW's GDP. Our network is made up of substations, powerlines, underground cables, and power poles, spanning 22,275 square kilometers throughout Sydney, the Central Coast, and the Hunter Valley.

**The Role**:
**Protective Security and Critical Infrastructure**
**Role Purpose**: The Security Risk and Governance Manager is responsible for the implementation, enhancement, and monitoring of security risk and compliance policies, framework, and practices, including the identification and management of protective security risks.

**(This is NOT an IT cybersecurity-related position)**

**Context**: "_Dimensions relevant to this role"_

**Influence/Impact**: Interacting with the Executive, senior management, and key regulators while providing insight to the Board and positively influencing organizational practices.

**Leading & Developing**: Executive interaction as well as corporate & electronic security technical and/or specialist advisory services decision-making, and other work functions.

**Difficulty**: Broad multi‐faceted requirements with the expectation to keep abreast of key industry standards, trends, emerging risks, and latest practices or technology developments.

**Planning**: Focus Accountable for own priorities and delivery of organizational priorities while implementing practical streamlined solutions across the whole organization.

**Direction**: Provide facilitation and guidance for key roles, as well as front-line leaders.

**Accountabilities**: _"What I may be expected to do when I come to work in this role"_
- Implement and enhance the organisation’s security risk management procedure and security risk management framework ensuring alignment with SoCI CIRMP.
- Implement and enhance the organisation’s Physical Security procedure and sub-procedures reducing physical security risks and improving overall security risk maturity scores.
- Escalate identified risks for the enterprise and provide recommendations on mitigation and/or management strategies.
- Undertake regular organizational protective security compliance reporting to the organization’s Executive and the Board including - board papers, business cases, programs, and plans.
- Report regularly to the Executive and Board on protective security risks including the preparation of papers and business cases.
- Promote and enhance the simplification of the end-to-end protective security risk and compliance monitoring and assurance attestation processes through the use of the organization’s security governance, risk, and reporting system, and protective security incident reporting tool.
- Coordinate and/or undertake a security risk assessment, threat, and vulnerability identification, critical control assessments, and emerging risks assessments, including the monitoring of treatment actions and trends from key risk incidents and compliance indicators.
- Oversee the implementation and enhancement of site security plans, grouped site risk assessments ensuring that it is efficient and effective with processes, aligned with the procedure, and followed by relevant business units.
- Represent the Senior Manager of Protective Security and Critical Infrastructure at industry-led forums and liaise with law enforcement and intelligence agencies on sensitive protective security issues.
- Implement and enhance the development of Protective Security and Critical Infrastructure’s new processes and procedures to govern how security risk is managed and define the target state for controls applied across the network.
- Provide guidance and influence stakeholders to maintain compliance with external regulations and conditions.
- Perform other duties and responsibilities as may be directed by your manager including on-call rotational roster.

Essential: the Knowledge, Skills, Accreditations, Licencing, and/or Authorisations, you must have in this role to be safe and effective:

- Tertiary qualifications within a relevant field, ideally with more than **7 years** of industry experience.
- Background in law enforcement or equivalent field.
- Extensive experience and knowledge in security risk management, compliance management, and business continuity management.
- Extensive experience in influencing senior business stakeholders in technology and security risk management, with the ability to lead and build security control capability.
- Demonstrated experience in managing security risk for large-scale business operations preferably critical infrastructure.
- Proven understanding of a broad range of security management frameworks.
- Pr