Cyber Offensive Security Lead

Key role in Security maturity journey, uplifting Security Testing
- Hybrid, flexible working environment, with Alexandria (Sydney), Melbourne or Brisbane office options

**About Ampol**

Here at Ampol, we are proud of our heritage as Australia's only owned fuel brand. Fuel may be the foundation of our business, but our motivation and purpose come from the people, industries, and communities we engage with. From our origins until today, we've always been inspired by the role we can play in people's lives - to keep them moving, to make journeys happen.

In the next few years, Ampol will be evolving our energy offering to ensure we continue to meet the ongoing needs of our customers whilst best leveraging marketplace opportunities as they arise. We are investing in our infrastructure and people to ensure that we can continue to provide, safe, reliable, and competitive supply to our valued customers.

For over 100 years we have supported Australians to travel far and wide, and we'll be here for 100 more powering better journeys.

**The role**:
The Cyber Offensive Security Lead will be part of the Cyber Security Architecture team for Ampol Group, responsible for developing and delivering the Enterprise Cyber Security Testing standards, guidelines and procedures (incl. Application Security, penetration testing etc).

The Cyber Offensive Security Lead will also provide cyber risk consulting, compliance, advice/recommendations across the enterprise to support current & future requirements, propose Security Testing solutions and governance that deliver the desired security posture.

This is a permanent position that can be based from any of our Australian offices (Alexandria NSW, Brisbane or Melbourne) with flexible, hybrid work options available.

**Key duties**:

- Identify, influence, advise and recommend cyber security services and technology that will enable business solutions to be delivered in a pragmatic manner whilst preserving the integrity of the Ampol enterprise environment and ensure ongoing compliance with relevant regulatory requirements.
- Analysis/assessment of business requests whilst constructively challenging and negotiating the requirements to derive the underlying needs together with development or quality assurance of solution designs, vendor proposals, business cases and service implementation plans/documentation.
- Provide guidance and support to Project teams on cyber security architectural risks and aspects of infrastructure or system development and integration
- Build and maintain effective working relationships with business customers and external vendors/suppliers to support Ampol objectives
- Support education and awareness activities to optimise the use of existing technologies, services and controls (people, process and technology) to arrive at a "risk-informed" and pragmatic outcome.
- Development, and communication of the enterprise cyber security architecture including defining the relevant design standards and legislative requirements (ISO, NIST, PCI/DSS,), policies, key principles, technical strategies/standards, guidelines and procedures required to support it.
- Assist the evolution of the enterprise cyber security architecture by defining the risks, policies, methods, models, tools, processes, and procedures that describe the organisation's current and future cyber security state

**About you**:

- Strong influencing, collaboration and organisational skills
- Relevant certifications such as for security management (CISSP, CISM, or CISA); Offensive security (OSCP, CREST, CEH, GSEC); Architecture (SABSA, TOGAF); or technical and practical (GIAC / SANS) or vendor specific for Microsoft, are advantageous

**Demonstrated expertise and experience with**:

- SOA security design, controls and implementation
- A broad range of technical concepts: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
- Information/Cyber Security Frameworks and standards (ISO 27k, NIST, ITIL, SABSA, TOGAF, IRAP, COBIT, etc)
- IT information protection, security and regulatory policies and standards
- IT Systems Engineering Process and Engineering life cycles

**We'll take you further by**:

- Our total remuneration is competitive. This is across base salary, a performance incentive, employee share offers and a 25% discount on Fuel for two privately used cars
- We are flexible. Many of our teams have embraced hybrid work, balancing time spent remote working, with time spent at an office to connect and work together where it adds value.
- We value recognition. We have an internal recognition platform amplifying the achievements of those who do great work and demonstrate our capabilities and values.
- Career development and learning opportunities including LinkedIn Learning and other tailored training solutions.
- BabyCare Package - financial and flexible support for parents transitioning back