Information Security Risk and Assurance Manager

**_Be inspired everyday_**

At HESTA we’re a leading national superannuation fund dedicated to people working in health and community services - a growing sector of ordinary people doing extraordinary things, day in day out, right across Australia.

More than 1 million Australians trust HESTA with their money. So together, we invest billions of their savings globally, striving to generate strong investment returns and make a real difference to their financial futures. Our focus is on helping our members enjoy the retirement they’ve worked hard for.
- **Do you have a passion for information and cyber security?**:

- **Do you want to be part of a talented team and a unique opportunity that blends leadership and technical skills?**

Our business is rapidly transforming and our information security capability is growing.

**The opportunity**

Reporting directly into the GM Information Security, this critical leadership role will oversee and implement robust information security governance, risk, and assurance practices through management of HESTA’s Information Security Management System (ISMS).

This role will lead the uplift of maturity and operations of HESTA’s Information Security Governance, Risk and Assurance Framework and team, and contribute to the delivery of HESTA’s information security program, strategy implementation, key initiatives and priorities.

This includes maintaining and evolving an ISO27001 based ISMS framework, ensuring alignment with the organisation's security objectives, regulatory obligations, and risk appetite.

You will play a vital part in making sure information security is implemented and operated in the way it should be, adhering to regulatory requirements as well as our own policies, standards and procedures, to keep us in check and secure

**About you**

You will be a seasoned Information Security leader that has built and lead security risk and assurance teams. You will have experience working with or working knowledge of governance tools such as One Trust or Archer GRC, and a working understanding of enterprise operations that span across Public Cloud environments, and security principles across Iaas, PaaS and SaaS. This role will also develop, govern and oversee technical security assurance capabilities across penetration testing, vulnerability management, and security controls testing.

You will have a strong understanding of security obligations for APRA regulated entities, experience and knowledge of security standards and frameworks such as NIST Cybersecurity Framework, ISO27001/2, including security controls and compliance requirements.

You will be agile in your approach, embrace impactful leadership and develop your team to be the best they can be. You will work collaboratively with key stakeholders to ensure outcomes are achieved and provide leadership and support to ensure a strong security posture is achieved and maintained in alignment with the HESTA’s Information Security Strategy.

**_We will leave all the ‘work you’ll be doing’ stuff in the PD but here’s a few things that you’ll get to enjoy working at HESTA:_**
- Your leave and time off matters, up to 6 days paid volunteer leave, up to an additional 5 days of leave over the end of year and new year period, access your LSL after 3 years Take AL at half pay, and purchase up to 2 weeks additional leave
- Your professional development matters, up to $5k per year professional development and up to 8 days professional development leave, HESTA scholarships and free access to a range of premium learning tools
- Your health and wellbeing matters, free annual flu shots and skin checks, incredible social events throughout the year and a comprehensive employee assistance program available 24/7
- Your financial wellbeing matters, financial planning support, end of year payment for all Enterprise Agreement-covered employees, incentivised Employee Referral Program and novated lease options

HESTA is a great place to work but don’t take our word for it, we were named (again) Employer of Choice for Gender Equality 2022.