Information Security Consultant

**How will I help?**

We have a position for an Information Security Consultant, reporting to the Senior Manager of Security Policy & Reporting within Westpac's Information Security Group (ISG). You will play an integral role as part of a high performing Security Compliance team that designs, monitors and reviews security controls and compliance requirements within the ISG policies and standards in addition to processing all Security Standard exceptions.

Your key responsibilities will include:

- Maintain on-going and continuous process for conducting security control and compliance reviews (e.g., continuous visibility/assessment).
- Establishes information security and cyber frameworks, policies, standards and procedures.
- Develop, implement, maintain, and oversee enforcement of internal security policies, standard, guidelines, and procedures based on industry-standard best practices and compliance and regulatory requirements.
- Monitors, reports on and continuously improves performance of ISG controls.
- Evaluates, recommends, and tracks security measures to assist in the mitigation of security vulnerabilities.
- Implements processes, such as e.g., SNOW GRC (governance, risk, and compliance), to automate and provide continuously monitoring of information security controls, exceptions, and risks.
- Identifying and undertaking on-going Security Policy and Standard exception reviews against Technology Control Library (TCL) agreed targets.
- Evaluates risks and develops security standards, procedures, and controls to manage risks.
- Ensuring any non-compliance, control under-performance or risk beyond appetite is appropriately recorded and effectively escalated for remediation.
- Maintain an up-to-date knowledge of Information Security trends and threats.
- Participate in the development of security awareness training in conjunction with other members of the Cyber Culture group.
- Provide support to all stakeholders on security controls covering internal assessments, regulations, protecting Personal Information (PI) data, and Payment Card Industry Data Security Standards (PCI DSS).
- Document and report control failures and gaps to stakeholders, provide remediation guidance and prepares management reports to track remediation activities.

**What is in it for me?**

You will play an important and significant part in the future of a business that has been around for 200 years. Our vision is to become one of the world's great service companies. So, we will back you in the development of your career, with internal career prospects and flexible working. You will also be backed by a fantastic team of people in a can-do, supportive structure.

Whatever shape your family takes, we offer generous paid and unpaid parental leave for your nominated primary and support carers. This includes leave to organise adoptions, surrogacy, and foster care arrangements.

**What do I need?**
- Technical understanding across a wide range of security domains is desirable, particularly continuous visibility/assessment of security controls.
- Working knowledge of common IT security-related regulations and/or standards such as NIST, Sarbanes-Oxley, ISO 27001, and CIS highly desired.
- Experience in information security, information technology, risk management, audit, or equivalent role with at least one industry certification (e.g., CISA, CISM, CRISC, CISSP, ISAAP) desired.
- Minimum 5 years' experience working in cybersecurity (conducting security control assessments) at a large-scale organisation preferred (such as IT, Compliance or Audit in a financial services or Telecommunications).
- Strong stakeholder management and building effective and trusted relationships.
- Strong oral and written communication skills with the ability to articulate technical information to audiences with various levels of technical knowledge, including the business.
- A self-starter with a High-level of attention to detail and with ability to work independently, multi-task and adjust to shifting priorities.
- Drives own learning, demonstrate curiosity by trying new things, and seeks feedback to improve and grow.
- Understand, apply, and maintain adherence to Code of Conduct to protect Westpac's license to operate and the interests of customers, communities, and each other.

**What is it like to work there?**

As well as competitive remuneration and a great culture, joining the Westpac family means you will get some of the best banking, wealth, and insurance benefits in the market.

We back our employees by helping them work towards industry-recognised qualifications, using online learning, training modules and career planning tools for you to grow with us. We will even pay you to do volunteer or community work.

We aim to provide one big, supportive team to help us achieve our purpose of creating better futures together. As well as competitive remuneration and a great culture, joining the Westpac family means you will have access to banking, wealth, a