Cyber Sec Governance

**Job no**: 528006
**Work type**: full time
**Location**: Sydney, NSW
**Categories**: Information Technology, Cyber
- Employment Type: full time continuing role as a Cyber Security Governance and Compliance Manager
- Excellent salary package including superannuation
- Location: UNSW Kensington Campus (Hybrid Working Opportunities)

**About UNSW**:
UNSW isn't like other places you've worked. Yes, we're a large organisation with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you're in the right place.

**Accountabilities**:

- Lead the strategic oversight and continuous improvement of the cyber security policy framework, ensuring alignment with industry standards and regulatory requirements.
- Develop, implement and maintain cyber security policies, standards, and guidelines in response to emerging risks and changes in the threat landscape.
- Lead the quarterly Cyber Security Standards Review process, ensuring policies and standards remain current and relevant to organisational needs.
- Oversee the operationalisation and effectiveness of the policy compliance attestation process, ensuring compliance across the University.
- Manage security baselines and associated policies, ensuring their alignment with the organisation's security posture and strategic goals.
- Lead the development and implementation of cyber security compliance strategy and framework, ensuring ongoing compliance with DISP, SOCI, ISO 27001, and other regulatory requirements.
- Oversee bi-annual compliance assessments, ensuring that findings are reported, agreed, and remediated through strategic action plans.
- Provide leadership and support for the DISP accreditation and ISO 27001 certification processes, ensuring full compliance and successful certification.
- Manage the University's compliance with the Security of Critical Infrastructure Act (SOCI) and ensure that PCI-related obligations are continuously met.
- Ensure that all regulatory requirements are tracked, monitored, and integrated into the University's broader cyber security governance strategy.
- Oversee internal and external audit engagements, including NSW Audit Office audits, DISP, SOCI, and other compliance audits, ensuring that all requirements are met, and corrective actions are implemented.
- Lead the strategic coordination of cyber security insurance audits and renewals, ensuring all necessary documentation and compliance requirements are fulfilled.
- Establish and manage key operational metrics for monitoring cyber security audit and insurance processes, ensuring continuous improvement and accountability.
- Lead and mature the Cyber Security GRC (Governance, Risk, and Compliance) Communities of Practice, fostering collaboration and best practice sharing across faculties and divisions.
- Represent the cyber security function at key governance forums, such as the weekly Change Advisory Board (CAB) and monthly Business Partners (BP) forums, ensuring cyber security governance is integrated into decision-making processes.
- Lead the strategic maturity uplift of the Cyber Security Exemption Process, ensuring that all exemptions are justified, managed, and periodically reviewed for ongoing relevance.
- Provide strategic cyber security consulting and advisory services to the Cyber Security Enablement Program and other key initiatives across the University, ensuring alignment with governance and compliance standards.
- Oversee the management of the Security Service Catalogue, ensuring it is regularly updated and accessible.
- Oversee and manage the Asset register in Cyber Security GRC Platform, ensuring all new assets are properly assessed and approved within the cyber security governance framework.
- Align with and actively demonstrate the Code of Conduct and Values
- Ensure hazards and risks psychosocial and physical are identified and controlled for tasks, projects, and activities that pose a health and safety risk within your area of responsibility.

**Who you are**:

- Relevant tertiary qualification with extensive experience (7+ years) in cyber security governance, risk management, and compliance, or equivalent competence gained through any combination of education, training and experience.
- Strong knowledge and experience with compliance frameworks, including DISP, SOCI, ISO 27001, PCI-DSS, and other relevant regulatory requirements.
- Proven track record of managing cyber security audits and certifications, with experience coordinating both internal and external audit activities.
- Demonstrated leadership in developing and enforcing cyber security policies, standards, and regulatory requirements across complex organisations.
- Strong strategic and project management skills, with the ability to lead multiple governa