Cyber Security Advisor

**A great place to work**

When you join Capricorn, you become a part of something bigger than a typical company, because as a co-operative we exist to improve the lives of our Members by supporting them in building stronger businesses - not the other way around.

We are purpose-led and are committed to empowering our community to thrive. Our community includes our employees, and we know what is important to them, because we asked And here's our commitments to you:

- **Provide a diverse and inclusive workplace **- because we know how important it is for everyone to be treated fairly and with respect.
- ** Give you flexibility** - it's important to recognise we are all unique and need to create work life balance.
- ** Offer paid parental leave **- that supports both parent's leave and their transition back to work.
- ** Create a fun environment **- our social calendar is full up with a range of different virtual and face-to-face events to keep us connected.
- ** Work perks **- that our employees actually use, such as a fantastic reward and recognition program, wellness program, additional leave purchase and so much more

**The role and what we are looking for**

Reporting to the Head of Cyber Security, this position works with the business to understand, guide and assess cyber security risks, controls, and frameworks. Documents and measures the organisations cyber risk landscape. Provides recommendations on and assists in the development of cyber security governance and risk management activities.

**Key responsibilities of the role include**:

- Provide guidance on the development of, and implementation of cyber security governance and risk management frameworks and controls.
- Manage stakeholder engagement and development of cyber security policies and procedures to ensure agreed standards are defined, implemented and measurable.
- Manage assessment of cyber security risks and controls, across solutions and 3rd parties to ensure Capricorn's risk landscape is well understood and within acceptable risk tolerance.
- Assist with the deployment and maintenance of technical cyber security controls. Respond to cyber security events and incidents according to documented procedures and in accordance with best practice.
- Champion cyber security within Capricorn, support and encourage others to follow cyber security policies and procedures. Assist with delivering cyber security education.

- Great documentation skills (writing risk assessments, policies, procedures)
- Strong understanding of cyber security frameworks, including NIST CSF, ISO27001, Essential 8.
- Strong understanding of risk management processes.
- Experience in SecOps and incident response processes.
- Leads by example with cyber security behaviours and encourages others.

**Experience**
- 4 years of experience in security frameworks (NIST CSF, ISO27001, Essential 8)
- 2 years of experience in security operations and incident response
- 4 years of experience in policy and procedure development
- 4 years of experience in risk management processes, including solution and 3rd party cyber security assessments.

**Qualifications**:

- Strongly preferred that applicants hold at least one of the following qualifications.
- CISSP
- CCSP
- Degree in cyber security
- CRISC
- CISA
- Security +

**Who are we?**

Capricorn is a member-based financial services organisation which exists to improve the lives of over 25,000 Members across Australia and New Zealand by supporting them in building stronger automotive businesses. We provide products and services including trade credit, risk protection, equipment finance, trade events, travel services, fuel cards and more. Last financial year Member purchases exceeded $2.93 billion and Member returns exceeded $72.5 million.

**The next steps