cyber security governance risk

• Ongoing position commencing July 2025

• Based at TAFE SA Regency Campus with hybrid work options

• AS08 salary range $121,107 - $127,679 p.a. super

About TAFE SA
Awarded the Training Provider of the Year at the 2021, 2022 and 2024 SA Training Awards, TAFE SA ensures all South Australian students have access to quality education and skills training across a number of regional and metropolitan locations.

By working with TAFE SA, you'll have the opportunity to advance your career in a diverse and inclusive organisation, while helping to deliver job-ready skills and meaningful outcomes for students across our state.

About the role
TAFE SA is seeking an experienced leader for the role of Manager, Cyber Security Governance Risk & Compliance Lead. This pivotal position is responsible for safeguarding TAFE SA's digital assets by ensuring compliance with Federal and State cybersecurity frameworks and industry best practices. This role is essential in strengthening the organisation's security posture through governance, risk assessment, and compliance across all aspects of TAFE SA's operations.

The Cyber Security GRC Lead will develop and implement policies, standards, and processes that support security objectives while enabling TAFE SA to deliver on its Strategic Plan. The Cyber Security GRC Lead will identify, assess, and monitor cyber risks, ensuring effective mitigation is in place.

The Cyber Security GRC Lead works closely with teams such as IT, Governance, Procurement, and Education, they will build strong cross-functional relationships to align stakeholders and support a secure, compliant environment.

By staying ahead of emerging threats, regulatory changes, and industry trends, the Cyber Security GRC Lead fosters a culture of security awareness and ensures TAFE SA remains resilient in a dynamic threat landscape.

Key Outcomes of this role

• Lead and manage the strategic planning, development, implementation and evaluation of a critical program of work that ensure TAFE SA cyber security governance frameworks, risk management strategies and compliance measures are aligned with Federal and State Government requirements.
• Oversee, coordinate and conduct a range of complex and critical functions and services that deliver and maintain a full scale cyber security risk management capability, including managing significant resources, facilitating risk assessments, ensuring risk and treatment owners are aware of their responsibilities, and providing regular reports.
• Lead, direct and conduct a program of work to implement, maintain and evaluate the TAFE SA Information Security Management System, including identifying, assessing and monitoring cyber risks, ensuring appropriate mitigation strategies are in place and continuously monitored.
• Lead the planning, development, implementation and evaluation of critical projects and continuous improvement programs for TAFE SA's Cyber Security maturity in line with Federal and State frameworks and guidelines.
• Provide expert advice and consultancy services to TAFE SA technical teams, vendors, service providers and individuals from across TAFE SA to ensure stakeholders understand and monitor the material impacts of cyber security risks.
• Provide expert advice and assistance to senior IT leaders in the review and development of cyber security governance, risk and compliance strategies, the development and tracking of key performance indicators and metrics for GRC activities, and the resolution of complex issues.
• Promote a culture of continuous improvement in cyber security by developing and maintaining collaborative working relationships to facilitate appropriate, timely, efficient and effective governance of cyber security across TAFE SA.
• Lead and apply a partnership approach in the delivery of expert, evidence based, cyber security governance, risk and compliance related advice and client centric services, including leading the development and maintenance of the TAFE SA Information Security Policy, Procedure and Standards suite to ensure they remain up to date and appropriate for TAFE SA.
• Represent TAFE SA on relevant projects, committees, forums and working groups related to cyber security and related governance, compliance and risk management.

Essential Key Selection Criteria

• Extensive contemporary knowledge of, and experience with, cyber security and risk management policies, frameworks, procedures, standards and best practices (for example AS/NZS ISO/IEC 27001/2, AS/NZS ISO 31000, the Australian Signals Directorate Essential Eight and Information Security Manual) and significant experience in the development, application and review of related processes and procedures including the establishment of a robust Information Security Management System suitable for audit.
• Extensive experience in leading and managing a major enterprise program of work in cyber security governance and compliance projects and services, including working with executive, management, staff, vendors and service providers in a complex and geographically dispersed environment.
• Significant experience in identifying, analysing, translating and interpreting complex cyber security governance compliance frameworks and standards, to resolve complex problems and developing appropriate methodologies, standards and documentation to formulate and implement innovative, flexible and adaptable solutions and inform decision making.
• Demonstrated ability to establish and maintain effective relationships with internal and external clients and stakeholders, including applying a partnership approach in the delivery of expert, evidence based, cyber security governance, risk and compliance related advice and the provision of client centric services.
• Highly effective communication and interpersonal skills with a significant capacity to advise on and present complex cyber security governance, risk and compliance related concepts clearly and concisely and tailor insights to a diverse range of stakeholders, to advise, consult and negotiate successful outcomes and develop high level recommendations and actions.
• Demonstrated ability to work independently, as well as collaboratively in a team, under broad policy guidelines, exercise significant levels of independent judgement and delegated authority to determine goals and priorities within an organisation's corporate objectives and ensure that the required standards of service and quality are met within tight timeframes.
• Demonstrated ability to apply a high degree of attention detail, accuracy and original thinking to identify and analyse complex problems, formulate and implement innovative solutions and meet strict deadlines in an environment of continual change and growth.
• Tertiary qualifications, industry certifications in cyber security and/or active participation in information security professional organisations such as ISACA and AISA.
• Knowledge and understanding of Aboriginal culture and community, and a commitment to culturally respectful practices in the workplace.

For more information regarding this position, please refer to the Role Description.

Special Conditions
The successful applicant is required to demonstrate having a valid DHS Working With Children Check (WWCC) prior to being employed. Applicants who do not hold a WWCC will need to apply at Department of Human Services (DHS).

• Some out of hours work may be required
• Some intrastate and interstate travel may be required.
• This role's location is site specific, which may change due to the business needs of the role and TAFE SA.
• Incumbent will be required to participate in the department's Performance Development Program
• Eligibility to work in Australia.

Please refer to the Role Description for all Special Conditions.

Application Instructions
All applications must be submitted online.
For further information on how to apply for this position, please refer to the attached application guidelines and Role Descriptor.

Your application must address all Key Selection Criteria as listed in the Role Description. Provide examples outlining your skills, experience, and knowledge of each criterion, and how you put them into practice. It is important that you identify skills you may have which are not explicitly specified in the Role Descriptor and yet, in your opinion, would enable you to perform well in the position.

TAFE SA offers a range of work options to attract and retain great staff, including part-time. We support employees to manage their work-life balance at all stages of their lives. Applicants are encouraged to discuss the flexible working arrangements for this role.

Enquiries
Richard Bradley
Manager, IT Service Delivery and Assurance
Ph:
E: ***************