Cyber Security Controls Assurance Manager

1 week ago


Sydney, Australia University of New South Wales Full time

**Job no**: 527959
**Work type**: full time
**Location**: Sydney, NSW
**Categories**: Information Technology, Cyber
- Employment Type: full time continuing role as a Cyber Security Controls Assurance Manager
- Excellent salary package including superannuation
- Location: UNSW Kensington Campus (Hybrid Working Opportunities)

**About UNSW**:
UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place.

The Cyber Security Controls Assurance Manager is responsible for overseeing and advancing the University’s cyber security controls assurance practices, ensuring that cyber security controls are effective, regularly tested, and continuously improved. Key responsibilities include developing and executing strategies for cyber security controls testing, facilitating the remediation of identified gaps, and delivering cyber security metrics and reporting to support senior management decision-making. The Cyber Security Controls Assurance Manager reports to the Head of Cyber Security Governance & Assurance and has direct reports.

**Accountabilities**:

- Lead the strategic planning, execution, and continuous improvement of cyber security controls assurance testing, including regular controls effectiveness testing and gap assessments.
- Develop and implement a continuous controls assurance testing strategy, with a focus on control monitoring, automation, uplift, and rationalisation.
- Facilitate post-testing assurance by reviewing findings, advising stakeholders, prioritising remediation efforts, and managing closure of actions.
- Monitor, track, and ensure timely closure of findings, risks, and associated actions resulting from controls assurance activities, ensuring alignment with the University’s risk appetite.
- Develop, collect, and continuously improve cyber security metrics and Key Risk Indicators (KRIs)/Key Control Indicators (KCIs) to measure performance and risk exposure.
- Lead the delivery and management of periodic cyber security metrics reporting.
- Present insights, information, and recommendations to leadership and stakeholders to inform decision-making and support organizational objectives, and present at quarterly GRC Community of Practice (CoP) and Developer Security CoP meetings to foster collaboration and knowledge sharing across faculties and divisions.
- Update and maintain the cyber security risk register with findings from testing, assessments, and performance metrics, ensuring that risks are tracked and mitigated.
- Manage audit assurance activities by providing leadership in facilitating the remediation of audit findings, ensuring that identified risks are mitigated in accordance with agreed timelines and corrective actions are successfully implemented.
- Lead the maturity and management of Cloud Security Posture Management (CSPM) tools, including tuning, ongoing monitoring, and remediation activities.
- Oversee crowdsourced security testing / bug bounty programs, ensuring these programs are aligned with security objectives and contribute to continuous improvement in security posture.
- Provide strategic cyber security consulting and advisory services to the Cyber Security Enablement Program and other key initiatives across the University, ensuring alignment with governance and compliance standards.
- Manage and mentor a team, providing guidance, support, and professional development opportunities to ensure high performance and continuous growth.
- Align with and actively demonstrate the Code of Conduct and Values.
- Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the psychosocial or physical health and safety of yourself or others.
- Ensure hazards and risks (psychosocial and physical) are identified and controlled for tasks, projects, and activities that pose a health and safety risk within your area of responsibility.

**Skills and Experience**:

- Extensive management expertise and supporting experience (7+ years) in cyber security controls assurance, with a proven track record in controls assurance testing, metrics reporting, and audit management.
- Strong experience with cyber security assurance tools such as Checkmarx, Lacework, BugCrowd, and similar platforms.
- Certifications such as CISSP, CISM, CRISC, CEH, or relevant certifications in security assurance and controls testing are highly desirable.
- Strong understanding of cyber security metrics, KRIs/KCIs, and their role in managing and communicating risk.
- Experience in working with risk registers and driving the remediation of risks and audit findings.
- Excellent


