Control Lead Security Posture Management

**C**ontrol**Lead**Security Posture Management**(**Senior**Manager)**
- _You are _a _cyber _security _risk and control professional with _a _background in _Vulnerability Management _control design and implementation _
- _We are one _of the best and most advanced Cyber Security teams in Australia _
- _Together we can _build the _Cyber Controls _Chapter _Area _and contribute to protecting the Group, its customers and community. _

**See yourself in our team**:
The Cyber Controls Chapter Area plays a crucial function within the Group Security division being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group’s cyber risk p rofile.

As a large, tech‑driven organisation serving millions of customers daily, we must continuously harden our environment against an evolving threat landscape. This role leads the **enterprise‑wide Secure Configuration Management (SCM) control capability**, ensuring **secure baselines are defined, deployed,**monitored**and continuously improved**across all major asset classes. You’ll also provide **rules‑based security posture management oversight**(CSPM/SSPM/KSPM/Network/Posture-as-Code) and drive timely, risk‑informed remediation of baseline exceptions.

We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.

**Do work that matters**

Establis hing and maintaining control standards and guidelines to align with changes i n industry standards, technology strategy and threat intelligence.

Governing the Group’s compliance with Security Configuration Management control requirements and supp orting the business in track ing remediation of critical security weaknesses and improvement of overall risk posture.

**You will also**:

- Ensure Security Configuration and Posture Management operation adher es to the Group Operational Risk Management Framework.
- Define the control testing approach to support automated control performance monitoring.
- Carry out annual control effectiveness assessments and drive appropriate risk remediation to address identified control weaknesses.
- Maintain positive stakeholder engagement with product owners, security engineers, and adjacent cyber security teams in relation to the development and lifecycle of secure configuration baselines and posture rulesets

**We are interested in hearing from people who**have**:
**Security Standards & Frameworks**
- Applied knowledge of ASD ISM, NIST, CIS, and Essential Eight mitigation strategies.
- Familiarity with vulnerability prioritisation frameworks like CVSS and EPSS.
- Security certifications such as CISSP, CISM, or CRISC are highly desirable.

**Tools & Technologies**
- Hands-on experience with policy compliance and security posture tools (e.g., Qualys, Wiz, NoName, Obsidian).
- Skilled in hardening endpoints and cloud services.
- Strong understanding of system security principles and automation for continuous compliance and reporting.

**Threat & Vulnerability Management**
- Ability to analyse threat intelligence, identify risks, prioritise vulnerabilities, and recommend mitigations.
- Experience implementing patch management programs and working with enterprise vulnerability management solutions.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 18/09/2025