Principal Security Governance and Privacy Specialist

6 days ago


Sydney, New South Wales, Australia Australian Prudential Regulation Authority (APRA) Full time $120,000 - $180,000 per year

The role

The Principal Security Governance & Privacy Specialist is instrumental in developing, managing, and maintaining security policies, standards, and procedures. The role contributes to strategic security analysis and planning while ensuring compliance with security policies and proactively managing security risks. The role will integrate security governance into existing forums, address any gaps through strategic governance approaches, and take a lead role in ensuring the security team operates cohesively.

The team

APRA is embarking on an ambitious program of change incorporating cloud, data, digital and security initiatives. This has created the opportunity to join a small but growing Security team which sits within the Technology, Data and Security division. The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF).

The team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy. Key stakeholders within the division include the CIO, CDO, CRO, Enterprise Architecture and IT Governance. Other key stakeholders across the organisation will include the Business Divisions, People and Culture, Procurement and Project Management Office.

Key responsibilities

  • Lead the development, management and maintenance of comprehensive security policies, standards, and procedures across personnel, physical and cyber/information security.
  • Oversee and ensure compliance with security standards and regulatory requirements and work closely with colleagues to gather information for reporting and analysis.
  • Integrate security governance into existing forums and develop governance approaches to address identified gaps.
  • Proactively maintain and manage the security risk register and support the execution of security risk assessments.
  • Support security risk management and reporting processes, including policy exceptions and exemptions.
  • Lead knowledge management across the security team to ensure up-to-date procedures and capabilities.
  • Work with management on proactive team capability planning including skills, RACIs and capability gaps, and team operational activities including cross-security team process improvement, resourcing management, budget and operational efficiencies.
  • Support the CISO by contributing to regular executive-level reporting on security outcomes.
  • Contribute to government reporting (e.g., PSPF, E8, response to government directives).
  • Security Plan and Strategy Management: Contribute to strategic security analysis and planning to enhance the overall security framework, execution of security objectives and resolution of gaps.
  • High Performing Team: Proactively contribute to and support broader direct team outcomes.

To work with us, you must be an Australian citizen with eligibility to gain an NV1 clearance through the Australian Government Security Vetting Agency.

About you

  • Proven experience in developing and managing security policies and standards.
  • Experience in strategic security analysis and planning.
  • Strong background in managing security compliance activities.
  • Experience in maintaining security risk registers and conducting security risk assessments.
  • Knowledge and application of security governance frameworks and integration strategies.
  • Proficiency in security policy development and management.
  • Strong analytical skills for conducting strategic security analysis.
  • Expertise in security compliance and regulatory standards.
  • Ability to manage and assess security risks effectively.
  • Familiarity with security governance models and best practices.
  • Knowledge of relevant government reporting requirements and frameworks.

About APRA

Australian Prudential Regulation Authority (APRA) was established in 1998 as an independent statutory authority that supervises almost 1,200 financial institutions that manage $8.6 trillion in assets for Australians across the banking, insurance and superannuation sectors.

In overseeing the safety, competitiveness and stability of the financial system, we seek to recruit, develop and retain highly skilled professionals who want to help shape financial services and protect the financial wellbeing of the Australian community. Our employee base of almost 900 comes predominantly from the commercial financial services industry or other government agencies; as such, we have the feel of a small corporate organisation that can work flexibly and with agility.

Why Work for APRA

We recognise the skills, experience and commitment that our staff bring to their professional lives, and we seek to reward them accordingly. We also recognise that for our staff to be able to perform at their best, we need to ensure that they are able to bring their best selves to work. Our commitment to wellbeing is having engaged people supported by resilient leaders within a values-aligned culture.

At APRA, we're committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. If you need any adjustments during the recruitment process, please inform us at the application stage so we can do our best to accommodate your requirements.


