Identity and Access Management

**Bring your authentic and passionate self to this exceptional role #careerswithimpact**

Are you a strategic and dynamic Identity and Access Management (IAM) leader ready to make an incredible impact? Join our growing business in this pivotal role, reporting to the General Manager - Information Security and partnering with teams across our businesses.

As our new IAM Manager, you’ll establish and lead the IAM function, drive the design, build, and implementation of a IAM strategy that aligns with HESTA’s broader Information Security Strategy and business objectives. This is your opportunity to make a significant impact, shaping how HESTA protects and empowers our people, platforms, and members.

**What you’ll do**:

- Lead and inspire IAM across the organisation, cultivating a culture of collaboration, accountability, and continuous improvement.
- Develop and execute an enterprise-wide IAM strategy, aligned with HESTA’s security framework and business priorities.
- Establish and maintain policies, procedures, and standards that meet legislative, regulatory, and compliance requirements (including APRA CPS 234, ISO 27001).
- Collaborate with business and technology stakeholders to ensure IAM practices support secure and efficient access across all platforms.
- Provide expert guidance on the selection, implementation, and ongoing maintenance of IAM tools and technologies.
- Partner with Information Security leadership to identify and mitigate identity-related risks, ensuring ongoing compliance with evolving industry standards.

**What you’ll bring**:

- Proven leadership experience in Identity and Access Management, including managing teams and large-scale projects.
- Experience in a similar management role, ideally within financial services or superannuation.
- Strong understanding of IAM principles, practices, and technologies.
- Deep understanding of identity governance, authentication protocols, access control models, and IAM technologies
- Strong knowledge of relevant frameworks and regulatory requirements (e.g. APRA CPS 234, ISO 27001, NIST)
- Experience and knowledge of security standards and frameworks such as NIST Cybersecurity Framework, ISO27001/2, CIS Benchmarks.
- Knowledge of and experience building security controls and compliance requirements using various frameworks and regulations such as ISO270001, APRA CPS 234, PCI-DSS, OWASP, Privacy Act, Critical Infrastructure Act.
- Ability to translate complex security concepts into actionable strategies aligned to business needs
- A collaborative approach and the communication skills to influence and engage stakeholders at all levels
- Relevant tertiary qualifications in technology, cybersecurity or related discipline coupled with certifications (CISSP, CISM, or CRISC) is desirable.

**Benefits that matter and make a difference for our employees**
- **_Leave for those moments that matter,_** an additional 6 days of leave at the end of year, up to 6 days paid volunteer leave, gender neutral paid parental leave of 20 weeks, Gender Affirmation leave, reproductive health and wellbeing leave, Cultural and Ceremonial leave. Access your LSL after 3 years, take AL at half pay, and purchase up to 2 weeks additional leave (just to name a few).
- **_Your professional development matters,_** up to $5k per year professional development and up to 8 days professional development leave, HESTA scholarships and free access to a range of premium learning tools.
- **_Your health and wellbeing matters, _**free annual flu shots and skin checks, incredible social events throughout the year and a comprehensive employee assistance program available 24/7.
- **_Your financial wellbeing matters,_** up to 15% super, financial planning support, end of year payment for all Enterprise Agreement-covered employees, incentivised Employee Referral Program and novated lease options.

Please note: Applications via recruitment agencies will not be accepted for this position.