Security and Risk Assurance Manager

**This is a full-time position working 36.75 hours per week over a continuing contract period. Salary to be negotiated depending on experience, plus 17% superannuation**
- Collaborative, innovative and supportive work environment
- Work with a dynamic and professional team using your experience to the max
- The position is located at our Footscray Park Campus.

**About the role**

The overall purpose of the Cyber Risk and Assurance Manager is to lead the delivery of cybersecurity governance, risk (including technology, third party risk management), compliance and assurance programs and operations across VU.

This highly visible role will be key to establish and enforce strong security practices across VU businesses and strategic programs; including defining key security indicators, policies, standards and processes. As a trusted advisor and specialist, you will identify, assess and manage existing and emerging Cyber and Technology risks and guide VU business operations in design and implementation of appropriate controls.

**About the person**
- 5+ years of experience working in Information Security Management and/or related functions such as Governance, Risk and Compliance Manager, Security Manager, IT Risk Management or IT Audit.
- Formal certification in ICT Security such as CISA, CRISC, CISSP (Certified Information Systems Security Professional), CISM or related certifications.
- Demonstrated experience in identifying, assessing, managing and monitoring security and technology risks.
- Strong understanding and demonstrable experience in interpreting regulatory, legislative and compliance requirements pertaining to security, governance, assurance and compliance of ICT systems and processes.
- Demonstrated experience in managing technical interactions as well as champion services in security advisory and advocacy roles.
- Demonstrated experience in communicating complex ICT security concepts to ensure the University’s information assets are secured to a level commensurate with the value of those assets.
- Extensive written and oral communications skills and excellent organisational skills.
- Demonstrated capacity to understand and comply with employer policy and practices in all aspects of work and conduct, including OH&S and Anti-Discrimination responsibilities and complete/attend relevant training.

**Duties**

An example of duties you may perform will include:

- Implement and maintain robust governance activities and frameworks to ensure the VU’s information technology, security, project risks and compliance objectives are met.
- Identify and assess information technology and security risks in respect of policy non-compliances, new initiatives, business activities, processes and operations.
- Identify and assess information technology and security risks in respect of VU business functions and their BAU activities, systems and operational processes.
- Develop a robust business engagement model to develop a common understanding of VU’s legal, regulatory, compliance obligations and industry best practices including (but not limited to) NIST Cybersecurity Framework, Security of Critical Infrastructure Act, Australian Privacy Principles, Defence Industry Security Program (DISP) and evolving TEQSA requirements.
- Monitor the legislative, regulatory and policy (internal and external) landscape and provide information to key stakeholders on the developments and impacts, including representing the VU's information security posture in submissions to industry bodies/regulators/government departments.
- Developing relevant threat models to define cyber risk posture for VU and different business functions and systems.
- Lead development, implementation, monitoring and reporting mechanisms for security, risk and assurance practices to support compliance and highlight areas of exposure within the University.
- Support leadership and business teams with technology and cyber risk advice, support and consultation on matters of ongoing or emerging risks.
- Lead the development, implementation, and ongoing management of the University’s Information Security Management System (ISMS).
- Uplift and standardise information security policy, standards and management practices (eg, access management) including their communication and roll-out across VU business.
- Lead and guide the University’s Ecosystem Security Assurance (Vendor/Third Party Risk Management) function including continuous improvement of the frameworks, processes, technology, and driving greater coverage of the controls set.
- Develop and manage a controls assurance framework and services designed to assess key controls, including auditing of internal technology and cyber security controls.

**Benefits**
- Salary sacrifice options
- Professional development opportunities
- Flexible working arrangements available
- Paid study leave
- On-site gym and fitness centre and more

**How to apply**

For a position description, please **click here **.

Applica