Principal Cyber and Technology Risk Advisor

Location: Melbourne | CBD

Job type: Ongoing - Full Time

Organisation: Department of Transport and Planning

**Salary**: $130,673 - $174,869

Occupation: IT and Telecommunications

Reference: 3676

The Department of Transport & Planning brings together all transport modes to design, plan, build and operate Victoria's transport system. Our job is to further integrate the transport network and improve the delivery of services to Victorians for simpler, quicker and safer journeys that connect people and places and support Victoria's prosperity and liveability.

We’re focused on outcomes that deliver more choice, connections and confidence in our travel, ensuring the whole transport network works as one to deliver better services and outcomes.

The department is committed to building a culture where we say 'yes' to flexible work arrangements, provide personal and professional development programs and support ways of working that help employees balance work and life.

The department is an equal opportunity employer and welcomes applicants from a diverse range of backgrounds, including veterans, people who identify as Aboriginal and Torres Strait Islander, have a disability, are from varied cultural backgrounds and those who identify as LGBTIQ+. The department provides workplace adjustments for applicants with disabilities

**Investment and Technology** is a Group within the Department of Transport and Planning, and is responsible for leading investment strategy and provide commercial and information technology services to drive high performance and improved commercial outcomes for the Transport and Planning portfolio and state.

**Enterprise Technology** is a division within Investment and Technology, and is reponsible for providing IT services and technology for DTP and delivery Corporate and Enterprise wide capabilities. Enterprise Technology performs a central role providing core IT operational services, cyber leadership, and documenting strategic directions for all of DTP’s information technology.

**About the Role**

Reporting to the Assistant Director, IT Risk Assurance and Awareness, this role is responsible for providing specialist support to the Enterprise Technology Divisional leadership through the preparation and implementation of the specialised enterprise cyber and technology risk framework, leading the facilitation of cyber and technology risk assessments and guiding on risk prioritisation and management strategies. This role will work closely with the Line 2 enterprise risk team and provide guidance to relevant operational teams on implementing the Department’s Cyber and Technology strategy.
- To access the Position Description, please click here._

**Position Outcomes / Accountabilities**
- Effective Whole of Department Cyber and Enterprise Governance and Risk framework aligned and integrated with the Department’s enterprise Risk Management Framework.
- Established and embedded the cyber and technology risk operating rhythm, aligned to the Department’s enterprise risk cycle, including management and review of the Enterprise Technology Divisional risk register. - Whole of Department Security risk Profile Assessment (SRPA) established including implementation of Essential 8, Victorian Protective Data Security Framework, and other relevant best practice controls and control assurance overlay.- Operated within a complex and dynamic environment you will provide specialist support to Enterprise Technology leadership group through the preparation and co-ordination of enterprise cyber and technology risk, contingency and consequence framework establishment to improve resilience.
- Developed and managed stakeholder engagement, ensuring the achievement of identifying, assessing, and controlling cyber and technology risks.
- Lead in the prioritisation and closure of audit findings, including the activity of works to close audit findings.
- Lead the Cyber Maturity Benchmarking assessments and work with Enterprise Technology to undertake a risk-based approach to inform a program of works to uplift cyber maturity and mitigate risk.
- Promote and support safe, inclusive, and flexible team operations

**Qualifications and Experience**

**Desirable**
- Tertiary qualification in cyber and technology risk management
- Experience in developing and implementing an annualised security risk program assessment (SRPA)

**What we offer**
- Meaningful work making Victorian communities more accessible and liveable
- Professional growth and development opportunities across the department and the wider Victorian Public Services
- A hybrid working model focused on collaboration and teamwork
- Optimal work-life balance initiatives including flexible working arrangements
- Opportunity to work across multiple urban and suburban hubs
- We prioritise the development of a safe and inclusive culture

**Culture Value**

We are an equal opportunity employer, embracing a diverse range of applicants such as veterans, and peop