Manager Cybersecurity

Full-time, permanent role
- (South Wharf CBD location) with flexible work options available (work remotely if needed)
- Employer of Choice winner four years in a row

Melbourne Convention and Exhibition Centre (MCEC) is the home of unconventional. At MCEC we do things a little differently. We bring fresh ideas and imagination to every event. We happily turn concepts on their head to make each experience momentous.

We welcome events of all shapes and sizes, from board meetings and small celebrations through to conventions, gala dinners, exhibitions, and concerts. Our doors are open for events and moments that connect us - in person, virtual or hybrid, and everything in between.

Our city is our inspiration, located in the vibrant South Wharf precinct, just a stroll along the Yarra River. Melbourne is on show at MCEC - in the architecture and design, food and hospitality, AV technology, Customer Service, location, and views.

**About the role**

The Manager Cybersecurity will be responsible for both the strategic and operational management of the MCEC Security Management Framework (SMF). This role will also include working closely with the Information Technology leadership team to bring the team on the journey of extending current capabilities and understanding of the importance of cybersecurity and information security

This role will seek to provide an upliftto the Information Technology team to ensure that it can enable the security aspects of the digital transformation journey that MCEC is currently undertaking.

It will play a key role in mentoring and coaching the existing Information Technology team in adopting secure by design practices and security architecture best practices.

Key focus areas will include:

- Creating and managing Cybersecurity strategy and framework
- Drive and manage appropriate cybersecurity governance and compliance
- Drive MCEC’s cybersecurity maturity goals through a cybersecurity program of works - including developing business cases and budget and costs
- Provide an MCEC wide Information security awareness and training - acting as the focal point for cybersecurity within MCEC
- Ensure ongoing MCEC digital resilience

**Key Accountabilities**
- Develop, manage, and maintain MCEC’s Information Security Strategy and Security Management Framework, aligned to the VPDSF.
- Develop and deliver MCEC’s Cybersecurity Transformation Roadmap uplifting MCEC’s security maturity in alignment with the Information Security Strategy objectives and obligations to the VPDSF
- Articulate, develop, and drive alignment of security architecture with enterprise architecture, ensuring outcomes including operationalization
- Articulate, develop, and drive cybersecurity business case development, program design and sponsorship - ensuring outcomes including operationalization
- Manage and maintain MCEC’s Cybersecurity governance including appropriate forums/committees, information technology (security) risk management and compliance
- Participate in the Information Security Audit Risk and Compliance (ISARC) committee meetings to present and consult on cybersecurity risk.
- Facilitate the information security risk assessment process, developing Security Risk Assessments (SRA) and System Security Plans (SSP)
- Assist in the completion of internal audits and VPDSF attestation processes
- Manage and maintain underlying documentation including Security Management Framework, Protected Data Security Plan (PDSF) and Risk Management Assessment
- Undertake an annual, independent review of MCEC’s cybersecurity maturity utilizing a recognised industry framework
- Ensure all cybersecurity controls and measure are operationalized and effective across MCEC
- Provide an MCEC wide cybersecurity awareness and training capability - ensuring that MCEC’s people are its best asset in protecting its digital assets
- Work proactively and collaboratively with other business stakeholders in promoting and understanding MCEC information assets and their intrinsic value
- Manage and drive MCEC’s digital resilience measures and outcomes
- Ensure an ongoing program to test, manage and remediate including, but not limited to, Disaster Recovery Plan, monitoring and alerting, storage best practice and adherence to the ASD Essential Eight

**Qualifications, knowledge, and Experience**:
**Essential**
- Relevant tertiary qualifications (e.g., computer science or IT degree), industry certifications (e.g. CISM, CISSP, TOGAF, GIAC) and/or relevant industry experience
- 5 - 10 years' experience in information security and IT risk management.
- Demonstrated commercial experience managing cyber security governance and compliance in a complex corporate environment.
- Previous success in leading and motivating high performing teams.
- Experience working with technology professionals across different Departments or Teams.
- Agile or Iterative delivery experience

**Desirable**
- Security Architecture skillset
- Information Technolo