Cyber Governance

When you join ASX, you're joining a company with a strong purpose – to power a stronger economic future by enabling a fair and dynamic marketplace for all.

In your new role, you'll be part of a leading global securities exchange with a strong brand. We are known for being a trusted market operator and an exciting data hub. 

Want to know why we are a great place to work, click on the link to learn more.

The ASX team brings together talented people from a diverse range of disciplines. 

We run critical market infrastructure, with 1 in 3 people employed within technology.  Yet we have a unique complexity of roles across a range of disciplines such as operations, program delivery, financial products, investor engagement, risk and compliance.

We're proud of the diversity of our organisation and the culture of inclusion that all our people help to build every day. Our employee-led groups are known for celebrating cultural and religious events, championing LGBTIQ+ inclusion (recently achieving AWEI Bronze), inspiring giving and volunteering, promoting gender equality, and wellbeing.  We are an Employer of Choice for Gender Equality (WGEA) and a member of the Champions of Change Coalition for the advancement of gender equality in Australia. 

Your responsibilities:

• Support the uplift and documentation of Cyber Security controls in line with best practice frameworks including NIST, focusing on key domains such as Identity & Access Management, Detection & Monitoring, and Vulnerability Management.

• Partner with cyber SMEs to assess, plan, remediate and uplift IT General Controls, including strengthening definitions, evidence requirements and reporting.

• Develop and maintain cyber governance dashboards and metrics to demonstrate compliance to cyber security requirements and obligations against key control domains (e.g. patching, vulnerability management, identity).

• Consolidate and analyse technical data from sources such as vulnerability scanners, CMDB, and Identity systems to identify compliance gaps and emerging trends.

• Translate technical data into clear, visual insights for different audiences including IT service owners, senior management and risk committees using tools such as Power BI, Tableau or advanced Excel.

• Prepare assurance, audit and regulatory artefacts by coordinating high-quality evidence and reporting packs.

• Support uplift of automated reporting and integration into the risk system, Service Now and other data platforms to enhance transparency of cyber health.

• Maintain documentation repositories, exception registers and data sources to ensure traceability and version control across governance artefacts.

• Identify opportunities to automate and streamline cyber reporting, metrics and control-related data flows.

Must have:

• 5–8 years' experience in cyber or technology governance, risk, compliance or assurance roles, with exposure to data-driven reporting and metrics.

• Working knowledge of cyber control domains such as identity and access management, detection and monitoring, patching and vulnerability management.

• Good understanding of frameworks and standards (e.g. NIST CSF, ISO 27001, ASDE8, CPS 234, COBIT).

• Demonstrated ability to analyse and visualise technical data using tools such as Power BI, Tableau or advanced Excel.

• Good written and verbal communication skills, including the ability to translate technical or complex data into insights for technical and non-technical audiences.

• Proven ability to manage multiple governance artefacts (e.g. control registers, pen testing findings, exceptions log, dashboards, evidence) with attention to accuracy and version control.

• Skilled in coordination, reporting and stakeholder engagement across technical and risk functions.

Nice to have:

• Experience supporting or reporting on IT General Controls (ITGCs) or control effectiveness outcomes.

• Familiarity with enterprise risk systems and their data structures.

• Exposure to data integration or automation between systems such as CMDB, vulnerability management, and reporting tools.

• Experience developing or enhancing cyber, technology or risk dashboards.

• Knowledge of data storytelling or visual communication principles to convey risk posture and control effectiveness.

• Professional certifications such as CISA, CRISC, CISSP, or ITIL.

• Experience working in a regulated or audited technology environment (e.g. financial services, critical infrastructure)

We make hiring decisions based on your skills, capabilities and experience, and how you'll help us to live our values. We encourage you to apply even if you don't meet all the criteria of this role. If you need any adjustments during the application or interview process to help you present your best self, please let us know.

At ASX Group, our diverse workforce is essential to build and maintain a fair and dynamic marketplace. We support flexible working and offer hybrid working options. Even if our roles are advertised as full-time, we encourage you to apply if you are interested in part-time or other flexible working arrangements.

We will arrange for successful candidates to have background checks, including reference and police checks completed as part of the on-boarding process.