General Manager, Cybersecurity

Challenger Limited is an ASX-listed investment management firm managing $127 billion in assets (as at 30 June 2024). Life with us is fast moving and always exciting. Together we’re driving to deliver our vision to provide our customers with financial security for a better retirement._
- We achieve this goal by providing a work environment where people from diverse backgrounds, with a range of skills and experiences can contribute and succeed._
- Join us as General Manager - Cybersecurity, a key senior management role at Challenger Group based in Sydney.The General Manager - Cybersecurity is responsible for all aspects of Challenger’s information security, technology risk and business resilience with the objective of ensuring the organisation remains secure and resilient.-
- The role engages closely with the Leadership Team and the Board to inform decision making and ensure business outcomes and objectives are aligned with the risk appetite of the organisation.-
- The key priority of the role is to provide strategic guidance, control framework oversight, governance and be a trusted advisor to the business.About the Team

The Information Security team is part of the Enterprise Risk Division and is accountable for the Challenger Group’s technology risk, cyber security and business resilience across the organisation. The team is structured into the following three functions: Cyber Security Advisory, Security Governance, Risk and Compliance and Business Resilience.
- The team consists of four internal experts complemented by a number of material service providers providing end-to-end services to the business which need to be managed and supported.

The Wider Business

Challenger is an ASX-listed investment management firm established in 1985. Our purpose is to provide our customers with financial security, and we do this by offering investment strategies that exhibit consistently superior performance, and by helping customers in retirement with safe and reliable income streams. We are the foremost issuer of annuities in Australia and a leading provider of listed and unlisted investment products and services.

The main activities of the role include:
Cyber Security Improvement Program - Partner with leadership, risk and technology service providers to develop and execute Challenger’s information security uplift program. This will involve evaluating areas of vulnerability in our control framework and cyber security defences, proposing solutions for uplift (costing, technical assessment, change management etc) and leading the delivering of those uplifts.-
- Service Providers - Manage the risks associated with a number of material service providers running technology, registry platforms and investment management operations.-
- Security Operations - Responsible for the governance and oversight of the Security Operations tower which is managed by a service provider including leading security incident investigation, response and recovery. Remain abreast of events and evolutions in the cyber threat landscape and respond appropriately to protect Challenger.-
- Information Security Governance - Maintain and evolve Challenger’s information security governance framework including policies and practice notes to protect Challenger from internal and external threats.-
- Regulatory Compliance - Deeply understand Challenger’s regulatory obligations as they relate to information security, technology risk, business resilience and data management. Ensure Challenger is meeting its regulatory obligations and work with Line 2 Risk to ensure they are integrated within the policy framework. Respond to regulator enquires as required.-
- Technology and Cyber Security Risk and Control Framework - Responsible for the design, monitoring and governance of Challenger’s technology and cyber security risk and control framework. This involves the definition, measurement and reporting of control design and operating effectiveness and ongoing evaluation of Challenger’s inherent and residual risk.-
- Identity Access Management (IAM) - Ensure the joiner, mover and leaver process is operating effectively and manage the quarterly user access reviews. Provide governance and assurance on IAM and Privileged Access Management.-
- Third Party Due Diligence - A major control for Challenger, the team is responsible for the conducting of new and ongoing third-party security due diligence and providing subsequent advice to the business to ensure Challenger’s information security standards extend to our business partners.-
- Board and Leadership Communication - Provide clear and transparent communications to the Board to enable the Board to execute on its regulatory obligations under CPS230, CPS234 and have a solid understanding of Challenger’s cyber security posture. Provide the Leadership Team with advice and guidance on the cyber security posture, uplift opportunities/progress, and cyber security implications of business decisions.-
- Busi