Senior Security Risk Reporting Specialist

The role

The Senior Security Risk & Reporting Specialist is a pivotal role responsible for developing, managing, and maintaining the end-to-end security risk management processes. This includes policy exceptions and exemptions, maintaining the security risk register, and supporting security risk assessments. The specialist will develop and maintain a security risk reporting framework, implement a cyber risk quantification capability, and provide regular executive-level reporting on security outcomes. This role requires cross-collaboration with personnel, physical, and cyber/information security topic areas to ensure a cohesive end-to-end analysis, identification, management, and reporting of security risks and issues.

The team

APRA is embarking on an ambitious program of change incorporating cloud, data, digital and security initiatives. This has created the opportunity to join a small but growing Security team which sits within the Technology, Data and Security division. The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF).

The team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy. Key stakeholders within the division include the CIO, CDO, CRO, Enterprise Architecture and IT Governance. Other key stakeholders across the organisation will include the Business Divisions, People and Culture, Procurement and Project Management Office.

Key responsibilities

• Lead the development, management and maintenance of security risk management and reporting processes, including policy exceptions and exemptions.
• Proactively maintain and manage the security risk register and support security risk assessments.
• Ensure cohesive end-to-end analysis, identification, management, and reporting of security risks and issues through cross-collaboration with personnel, physical, and cyber/information security teams; as well as broader teams in Technology and Data, Project Management Office, People and Culture and Procurement.
• Lead the coordination and management of government reporting (e.g., PSPF, E8, response to government directives).
• Develop and maintain the security risk reporting framework, including the implementation and ongoing management of a cyber risk quantification capability.
• Support the CISO by providing regular executive-level reporting on security outcomes, including development of executive papers and data-driven metrics.
• Security Plan and Strategy Management: Contribute to strategic security analysis and planning to enhance the overall security framework, execution of security objectives and resolution of gaps.
• High Performing Team: Proactively contribute to and support broader direct team outcomes.

To work with us, you must be an Australian citizen with eligibility to gain a NV1 clearance through the Australian Government Security Vetting Agency.

About you

• Proven track record in security risk management and reporting.
• Proven track record in maintaining security risk registers and supporting security risk assessments.
• Experience in developing and maintaining security risk reporting frameworks and implementing cyber risk quantification capabilities.
• Experience in providing executive-level reporting, including executive papers and data-driven metrics.
• Experience in coordinating and managing government reporting, such as PSPF and E8.
• Strong knowledge of security risk management principles and practices.
• Strong understanding of security controls and compensating controls.
• Proficiency in risk assessment methodologies and tools.
• Ability to develop and maintain comprehensive security risk reporting frameworks.
• Familiarity with cyber risk quantification techniques e.g. FAIR

About APRA

Australian Prudential Regulation Authority (APRA) was established in 1998 as an independent statutory authority that supervises almost 1,200 financial institutions that manage $8.6 trillion in assets for Australians across the banking, insurance and superannuation sectors.

In overseeing the safety, competitiveness and stability of the financial system, we seek to recruit, develop and retain highly skilled professionals, who want to help shape financial services and protect the financial wellbeing of the Australian community. Our employee base of almost 900 come predominantly from the commercial financial services industry or other government agencies; as such, we have the feel of a small corporate organisation that can work flexibly and with agility.

Why Work for APRA

We recognise the skills, experience and commitment that our staff bring to their professional lives, and we seek to reward them accordingly. We also recognise that for our staff to be able to perform at their best, we need to ensure that they are able to bring their best selves to work. Our commitment to wellbeing is having engaged people supported by resilient leaders within a values-aligned culture.

At APRA, we're committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. If you need any adjustments during the recruitment process, please inform at application stage so we can do our best to accommodate your requirements.