Cyber Risk and Governance Manager

**Job no**: 53877329

**Brand**: Australia Post

**Categories**: Digital

**Work type**: Permanent Full Time

**State**: VIC

**Location**: Melbourne

**You might think you know us, but we’re delivering like never before.**

As the world rapidly changes, we’ve had to change too - to ensure our future is even greater than our past

It’s an exciting time to be at Australia Post

Customer Experience and Digital Technology is at the core of Australia Post’s transformation. This new business unit is empowered to deliver for our teams and delight our customers. We provide an inclusive and supportive environment that nurtures talented people, trusts our teams to deliver their best, and leverages modern work practices and technologies. It's an unexpectedly dynamic and collaborative culture that feels more like a start-up than a 213-year old icon.

And we’re always on the lookout for passionate, purpose-driven people to join our team.

**Customer Experience and Digital Technology?**

The purpose of Customer Experience and Digital Technology is to design, build and maintain products, services and experiences that Australian's love and trust, while delivering a sustainable future for Australia Post. The key areas that Customer Experience and Digital Technology is responsible for include Customer Experience, Customer Services, Decipha, Identity and Financial Services, Digital Channels, Data Science, Data Commercialisation, Product Engineering and Platforms, as well as Technology.

**What does the role involve?**

As a Risk and Governance Manager, you will be responsible for leading cybersecurity and technology risk management activities for the Australia Post Group (APG), with a focus on delivering 1st line risk management activities to support decision making across the organisation.

Managing a team of security professionals, you will deliver cyber security & technology risk outcomes, cyber threat intelligence, and key cyber governance and reporting functions.

We will rely on you to drive cultural change across Australia Post group (APG), to support the business growth and technology-based risk assessments, to enable business decision making.

**Additional responsibilities will include**:

- Aligning risk management activities and reporting with Business outcomes and demonstrated business value;
- Establishing and maintaining information security policies and standards aligned with industry good practice, regulatory requirements and APG (Australia Post group) business practices;
- Establishing and maintaining cyber risk and security frameworks to support delivery of operational and strategic security outcomes;
- Identifying and assessing internal and external influences that impact APG's (Australia Post group) cyber risk and threat position;
- Establishing, monitoring, evaluating and reporting key information security metrics and KRI’s to provide management and operational teams with meaningful information regarding their cyber security and risk position;
- Integrating cyber security governance into corporate governance practices and support delivery of the Cyber Security Strategy.

**What we’re looking for**:

- Minimum 10 years’ experience in the cyber security industry;
- Pragmatic approach to Information Security, understanding business objectives and value;
- Demonstrated experience in developing security frameworks, policies and standards to support large enterprises;
- Ability to present complex technical and operational information into simple, business language;
- Demonstrated experience leading a team of Information Security and technology professionals in a large and complex organisation, ensuring strategic and operational delivery requirements are met;
- Demonstrated experience influencing senior management and business leaders;
- Strong understanding of effective technology and security policies and standards, risk, audit and reporting concepts;
- Demonstrated experience working with Audit, Governance, Risk and Compliance teams;
- Strong understanding of Technology and Information Security related industry standards and regulations such as ISO27001/2/5, ISO31000, ASCS Essential 8, COBIT, ITIL, PCIDSS and the Australian Government Information Security Manual;
- Expert knowledge of external government and industry compliance programs such as PSPF, PCI, Privacy and ISO27001;
People say you are an immaculate storyteller, who can articulate compelling vision in strategic business terms. You are known for your adept communication, influencing and negotiation skills and have the natural ability to craft compelling strategies, keeping in mind the Cyber Security risks/ threats and future technology trends.

**We believe investing in our people is good business.**

We know that your life outside of work matters. So, while we work hard, we also have a culture that promotes a genuine work/life balance. Our teams operate flexibly so please speak to us about what this could look like for you.

Togethe