Information Security Manager

**About the Company**

Diversa Trustees Limited (DTL) and its related company CCSL Limited are both specialist Trustee companies focussing on superannuation funds in Australia, including retail master trusts, corporate funds, platform (wraps), Pooled Superannuation Trusts, Eligible Rollover Funds and insurance only funds.

Both companies have been in operation for many years and combined provide trustee services to approximately 24 APRA regulated superannuation funds with in excess of $8 billion of assets under management. The group holds significant market share amongst Extended Public Offer licensees, making it the largest EPO Licensee in Australia by number of funds.

Our model is differentiated in the Australian marketplace as our fundamental approach is to ‘partner’ with client organisations to achieve successful outcomes. We strive to be innovative and proactive in assisting clients achieve their objectives and commercial outcomes, while at the same time placing an emphasis on compliance and ‘best practice’ corporate governance.

**The Role**

The role will provide oversight and management of the information security function and capabilities. An emphasis on security governance, risk and compliance more than other security domains based on the business operating model. The role will work closely with the Risk and Compliance, Office of the Superannuation Trustee, Legal and Technology teams, and:

- Provide hands-on expertise on implementation, maintenance, evaluation and supervision of Information Security policies, procedures and controls internally within Diversa and across its 70+ outsourced providers.
- Prepare, conduct and report on controls testing and audits across the business in accordance with regulatory obligations and security standards, such as APRA CPS234, APRA SPS231, ATO DSP Operational Framework, NIST CSF or similar.
- Own and maintain the Information Security Policy Framework, including underpinning standards, processes and procedures.
- Conduct technical and information security activities i.e., security risk assessments (internally and third-party), information asset governance (identification and classification), security risk management, disaster recovery planning and testing, and security incident management.
- Manage Diversa’s security platforms and tools
- Oversee Diversa’s security awareness and training program
- Champion information security throughout the organisation including Chair of the Information Security Committee
- Work with the Board and senior management to develop and maintain the Information Security vision, strategy, and program to ensure information assets are protected
- Provide applicable security operational and risk reporting to the Board and senior management.

**Requirements**:

- 3+ years of experience in an Information Security role, preferred Security Group Risk & Compliance related role
- Relevant security qualifications such as CISSP, CISM, CRISC, or information security tertiary degree or diploma
- Understanding of technical concepts in modern information security such as enterprise identity, endpoint protection, vulnerability assessments, and others
- Strong communication skills to be able to work with a vast array of stakeholders from auditors, vendors and the Board
- Strong experience and fluency with governance, risk and compliance frameworks

**Benefits**

**Our Culture & Benefits**

We’re proud of our culture. We take a holistic approach to work and life and provide opportunities for all employees to achieve their professional goals while meeting their personal needs.

We value collaboration, teamwork and diversity and understand that through flexibility our employees can achieve their best

We offer an attractive remuneration package commensurate with skills and experience. You will have the opportunity to work in a professional, supportive and friendly work environment in our new CBD office as well as from home.

If this ticks your boxes we want to hear from you