Head of Information Security

THE COMPANY

Operating in the Insurance industry, this Australian Financial Services corporation employs 80+ staff and delivers purpose driven outcomes for Australian households, businesses, and communities.

• Cyber-aware CEO, Board, and Executive Leadership team.
• Forward thinking with investment in IT and Cybersecurity through a modern cloud-first approach (Microsoft Azure, ZTNA) with no legacy technology.
• Upcoming implementation of a modern data analytics solution - Azure Databricks.
• Strong emphasis on data management, security and risk mitigation.
• More than $1 billion in written premiums.
• Additional superannuation contributions.
• Emphasis on learning & development and a work/life balance.
• Hybrid working.

ROLE & RESPONSIBILITIES:

Newly created Head of Information Security position operating in a small yet impactful team of 3 to lead and improve the enterprise security function.

Engaging directly with the Board, you will provide strategic direction and practical leadership on how to best improve information security in alignment with organisational objectives.

Operating in a mature and modern cloud environment, you will focus on improving and refining information security, while simultaneously building positive confidence at the Board level through improved Board reporting, education, and communication.

Key responsibilities and deliverables:

• Lead the strategic direction of Information Security in alignment with business objectives and mission.
• Build and maintain successful relationships as a trusted cyber security advisor with the Board, Executive Leadership team, Technology teams, and wider organisation.
• Establish confidence with the Board through producing high-quality Board papers that provide clear and confident reporting on cyber posture, risks, vulnerabilities, metrics, and investment priorities.
• Board and Executive level communication translating complex security risks/issues into an understandable business context.
• Improve Information Security operating cadence across Technology and the broader organisation.

• Ensure ongoing compliance with legislative and policy frameworks including Protective Security Policy Framework (PSPF), ISM, Essential Eight, Privacy Act etc.

• Educate business leaders and end users on cyber controls, risk awareness, and behavioural best practices.

• Embed a pre-emptive and proactive culture around the awareness of current/emerging cyber threats.

• Manage third-party security providers to deliver 24/7 monitoring, incident response, and security operations.

• Strengthen relationships with the Australian Cyber Security Centre for threat intelligence and early warnings.
• Oversee controls implementation, risk management, and continuous improvement across Information Security.
• Support the uplift of internal capability within the Information Security team, including hiring, coaching, and mentoring.

REQUIRED BACKGROUND / EXPERIENCE

Suitable for a Head of Information Security experienced operating as a trusted advisor at the Board level yet still capable of undertaking a broad role inside a small yet impactful team.

A background operating and socialising at the Board level (including preparing / presenting Board reports) then translating and communicating complex security risks/issues into an easy-to-understand business context is essential.

Ideal for a Security leader seeking to improve/refine Information Security inside a purpose driven and forward-thinking organisation who invests in modern technologies and values continuous education.

Experience and Qualifications:

• Education: Bachelor's degree in IT, Cyber Security, or a related field
• Certifications: relevant industry certifications e.g. CISSP, CISM, CISA

• Experience:

• Leading enterprise security functions across strategy, incident response, and governance, risk & compliance.

• Strong understanding of cyber resilience, risk posture, and controls.
• Vendor management of third-party security service providers.

• Leading and developing small yet high-performing teams.

• Proven track record:

• Successfully preparing and presenting cyber security reports to Boards and translating technical and risk concepts into clear, business relevant insights.

• Designing and embedding security governance, controls, and risk management practices across cloud-first environments.

• Leading uplift in security culture, awareness, and capability across an organisation.

• High impact communication:

• Ability to distil the message, eliminate unnecessary complexity, and communicate in an easy-to-understand and business-minded manner to C-suite and Board members.

• Exceptional stakeholder management skills with a sense of gravitas capable of influencing others at an executive level.

• Demonstrate broad awareness of the changing external threat landscape and potential issues/risks/drivers, then clearly communicate what this means for the organisation.

• Security Compliance Frameworks: Comprehensive understanding of the Australian Government's PSPF, including ISM and Essential Eight.

• Leadership skills: Strong leadership and team-building capabilities with a track record of managing and developing high-performing teams.

• Industry experience: Financial Services, Insurance, Superannuation or similarly APRA-regulated environments is preferred.

• Australian citizenship and ability to obtain Australian Government security clearance is essential.

Apply Today

Please send your resume by clicking on the apply button.

Reference Number:

By clicking 'apply', you give your express consent that Robert Half may use your personal information to process your job application and to contact you from time to time for future employment opportunities. For further information on how Robert Half processes your personal information and how to access and correct your information, please read the Robert Half privacy notice: Please do not submit any sensitive personal data to us in your resume (such as government ID numbers, ethnicity, gender, religion, marital status or trade union membership) as we do not collect your sensitive personal data at this time.