Principal Cyber Security Governance Risk and Audit Analyst

10 hours ago


Melbourne City Centre, Victoria, Australia | Victorian Government - Department of Health | Full time | $120,000 - $180,000 per year

About the role:

The Principal Cyber Security Analyst Governance, Risk & Audit is responsible for leading and executing end-to-end activities related to internal and external audits, governance forums, cyber security performance reporting, and cyber risk management. This role plays a key part in strengthening the department's cyber resilience by identifying opportunities to enhance the capture, consolidation, alignment, and analysis of cyber and information security risks. The Principal Cyber Security Analyst will apply relevant frameworks, including the Victorian Protective Data Security Standards (VPDSS), the Essential 8, and the National Institute of Standards and Technology (NIST) to ensure continuous improvement and a robust approach to cyber risk governance.

About us:

At the Victorian Department of Health we want a future where Victorians are the healthiest people in the world. A Victoria where our children and people thrive, our workplaces are productive and safe, and our communities are more connected.

We see it as our job to support Victorians to stay healthy and safe. And to deliver a world-class healthcare system that ensures every single Victorian can access safe, quality care that leads to better health outcomes for all.

About you:

We are looking for someone who can:

  • Lead and establish a consistent process with the Cyber Security Management Team so that assurance and security risks are captured, assessed, reviewed and managed.
  • Coordinate and manage internal and external stakeholder involvement in risk, compliance and audit activities.
  • Lead, establish and deliver regular reporting of KPIs, risks and treatments for relevant senior governance forums by evolving the cyber dashboard.
  • Manage end-to-end ongoing review of risk with risk owners and maintain currency of all cyber risks in alignment with the relevant risk registers.
  • Produce simple and effective analysis and content for use in branch reports and senior governance forums and briefing papers for steering committees.

Qualifications/Specialist expertise:

  • A tertiary qualification in fields related to public policy, governance, risk and audit, or experience in cyber security would be desirable.
  • High level competency in Microsoft Office, data analysis, Power BI reporting and a high level of computer literacy.
  • High level competency in writing departmental memorandums, briefs and other documentation, following defined processes, writing style and visual style guides.
  • Experience with risk management, audits and the requirements of governance committees.
  • Experience analysing and reporting cyber / information security risks.
  • Experience with common information security frameworks e.g. Victorian Protective Data Security Standards, Essential 8, NIST.

For more information please refer to the attached Position Description.

What we offer:

  • The opportunity to perform meaningful work, making direct contributions toward enabling Victorians to be the healthiest people in the world.
  • A wide range of growth and development opportunities within the department and wider Victorian Public Service & Sector.
  • A strong commitment to work-life balance, including a diverse array of flexible working arrangements.

How to apply:

Applications should include a resume and a cover letter. Click the 'Apply' button to view further information about the role including key contact details and the advertisement closing date.

We are committed to developing and supporting a workforce that is well equipped and highly motivated to provide responsive and quality services to all Victorians. We continue to build an inclusive workplace that embraces diversity of backgrounds and differences to realise the potential of our employees for innovation and delivering services aimed at enhancing the lives of all Victorians. All roles can be worked flexibly and we encourage applications from Aboriginal people, people with disability, LGBTIQ+ and people from culturally diverse backgrounds. Please contact us if you require any adjustments to participate in the recruitment process at For more information on our commitment to inclusion and diversity see inclusion and diversity at the Department of Health.

If you have any queries in relation to recruitment processes at Health, or experience any issues in applying, please feel free to email Please note that unsolicited applications will not be replied to. If you have questions regarding the role specifically, we would advise you to reach out to the contact listed on the advertisement directly.

Preferred applicants may be required to complete a police check and other pre-employment checks. Information provided will be treated in the strictest confidence in line with our Privacy Policy.


