Head of Cyber Security and IT Risk

3 days ago


Sydney, Australia LGT Crestone Wealth Management Full time

Min Experience - 10 years

Your team
- Working as a part of the Risk, Legal & Compliance team with overall responsibility to drive all strategic and operational cyber security and IT risk functions.
- Working alongside the Head of Technology, senior business and risk executives and project management team within the reporting structure of the Chief Risk Officer.

You will be supported by 2 staff members operating in the following roles: Senior Cyber Security Consultant and Cyber Security Analyst.

Your Role

Cyber Security Governance
- Maintain a lean and effective cyber and technology risk governance structure, ensuring that risk management is deeply embedded into strategic business projects and operational decision-making.
- Ensure the business maintains an effective and agile cyber security policy framework that is aligned with LGT Group directives.
- Develop and manage the cyber security budget for all operational and strategic spend, ensuring resource allocation prioritises areas of high-risk and strategic importance.
- Establish and maintain a detailed cyber assurance program (including targeted reviews, supplier assurance, red teaming, penetration testing, disaster recovery testing, etc.) to identify and prioritise key gaps for remediation.
- Produce and present high-quality cyber risk reports to executive committees and board of directors (locally and at Group level), educating senior executives and the board on material risks, regulatory compliance, and strategic risk mitigation initiatives.
- Maintain a strong Line-2 assurance framework challenging the design and operations of the technology function, specifically ensuring the business adheres to the GS007 control framework.
- Actively participate in monthly and quarterly vendor executive governance meetings — ensuring key suppliers meet contractually agreed KPIs and constantly adjust controls to mitigate emerging risks.
- Track audit findings and recommendations to ensure appropriate critical and high-rated issues are promptly addressed. Proactively engage internal and external auditors to identify synergies and avoid redundant reviews.

Stakeholder Management
- Develop and nurture relationships with key internal stakeholders, specifically executives, technology, risk management, legal, audit and HR management teams to create a shared sense of purpose and positive working culture.
- Liaise with external stakeholders, such as law enforcement, external auditors, advisory bodies, institutional clients, and business partners, as necessary, to ensure that the business maintains a resilient posture and promptly adjusts controls in line with emerging threats.

Strategy Execution
- Develop and deliver a high-impact cyber resilience strategy that is measurable, scalable, and advances strategic business goals.
- Ensure the business maintains a robust enterprise security architecture framework, ensuring that new systems are secure by design, fault-tolerant and architected in line with industry reference standards.
- Actively collaborate with the Group CISO and their leadership team to identify opportunities to integrate local capabilities with the Group, ensuring consistency and strategic alignment.
- Negotiate vendor contracts to ensure the business invests in cost-effective and highly scalable solutions.
- Maintain a lean and effective cyber security team through ongoing mentorship, training, and maintaining a fine balance between outsourced and insourced capabilities.
- Stay abreast of key cyber security threats and regulatory changes and work with relevant stakeholders to adapt the cyber security strategy accordingly.

Incident Response
- Lead incident response, ensuring prompt containment, assessment, and remediation of key incidents. Conduct root cause analysis and implement corrective actions to prevent recurrence.
- Lead executive/board cyber crisis response simulations and drive the remediation of key issues identified.

Security Operations
- Work with outsourced providers and internal teams to ensure the business maintains a highly tuned and effective 24/7 security operations centre that prioritises threats on the business’s most valuable digital assets.
- Ensure the technology team and outsourced vendors maintain effective cyber security operational hygiene, including access management, backups, vulnerability management, patching and systems hardening.

Your skills & experience
- 10+ years of IT work experience, with at least 6+ years in a leadership position overseeing cyber security teams or key projects and influencing decision makers.
- Proven leadership skills and the ability to work effectively with stakeholders, financial management, leading teams and executing complex change.
- Exceptional communication skills, with the ability to communicate with staff at various levels, in both technical and clear business terms, regarding complex strategic projects.

Your role competencies
- Strong communication skills
- Resourceful, self-starter/driven
- R


