Information Security

**About Movember**

Movember is the leading Men’s Health Organisation and Charity changing the face of men’s health globally, tackling mental health and suicide prevention, prostate cancer, and testicular cancer. In our mission to stop men dying too young, we’re seeking an experienced Global Director, Information Security & Data Governance to join our Movember Tech Team based in Australia.

**About the role**

The Information Security & Data Governance Manager is a hands-on role within our tech team with leadership responsibilities for implementing and running our Enterprise Information Security Management Program. This will involve identifying, evaluating, and reporting on legal & regulatory, IT and cybersecurity risks, while supporting and advancing Movember’s strategic programs of work.

**Some responsibilities will be**:

- Owns the information security processes across Movember including ISO27001 accreditation activities.
- Provides regular reporting on the status of the information security program to senior business leaders.
- Chairs & facilities an information security governance group with nominated technology and business stakeholders.
- Operates internal audit processes to verify the effectiveness of controls.
- Develops, socialises and coordinates approval and implementation of new or updated security policies.
- Works with the vendors to ensure that information security requirements are included in contracts.
- Directs the creation of targeted information security awareness training programs for internal staff.
- Develops and enhances an up-to-date information security management framework based on the following: International Organization for Standardization (ISO) 270001 and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
- Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas.

**For this role, you’ll need**:

- Demonstrated experience and success in roles managing risk management, information security, and IT security.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
- Up-to-date knowledge of methodologies and trends in both business and IT
- Project management skills: financial/budget management, scheduling and resource management

**Bonus points for**:

- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Experience with contract and vendor negotiations.

**Our employee benefits include**:

- Flexible hybrid working from home and our modern Richmond office
- Finish work at 2pm on Fridays (Dec-Aug)
- NFP salary packaging (pay less tax)
- 13 weeks paid parental leave and 5 weeks annual leave
- Fun & collaborative culture with employee social events
- Free Headspace subscription and other wellbeing initiatives
- Relaxed dress code

**Does this role sound up your alley?