Cyber Security

Company Description

Nine. Australia's Media Company.

Underpinned by our people, our strategic focus is on content, connections and growth.

Driven by our purpose - Australia belongs here - and guided by our values - walk the talk, turn over every stone, keep it human - we are the home of Australia's most loved content and trusted brands across News, Sport, and Entertainment.

We lead the total television market in Australia through our key brands of Channel 9, Gem, Go, Rush and Life, and of course you can consume all our content, live or on-demand, on Australia's leading free streaming platform, 9Now. We also own Stan, the market leading local subscription streaming service.

In our total audio business we are building talk radio for the next generation across 2GB, 3AW, 4BC and 6PR.

Nine is also an active participant in Australian consumer marketplaces through our majority shareholding in Domain and our ownership of Drive.

**Job Description**:
The Cyber Security team provides governance, audit, control, and operational Cyber Security capabilities to support business and operational objectives of the Nine group. Minimizing friction and managing appropriate risk are key tenets of the team. The Security team works closely with the Security Cloud Practice, Product Engineering, Network and Infrastructure and Services teams to collaboratively manage cyber controls.

This is a new but critical role for Nine working in a diverse and complex technology landscape. You will be working closely not only with other IT teams but also with key business stakeholders, Group Risk and Audit to ensure our systems and data remain safe by managing risk to an appropriate level.

The Cyber Risk Lead drives activities to ensure processes, policies and controls are aligned to industry standards and regulatory guidelines for information security and minimise the risk of sensitive business systems being compromised.

**Key accountabilities for this role**:

- Provide expertise on the development and support of all risk assurance activities, processes, and tools used for validating and ensuring data and systems protection.
- Responsible for monitoring the effectiveness of security controls, deviations from acceptable configurations, policies, or standards, and expertise in risk treatment management
- Lead mitigation analysis, working with the IT and Cyber Security team, making recommendations regarding risk prioritisation, mitigation and action plans
- Lead the monitoring and evaluation and tracking of security assurance activities (e.g. vulnerability management, penetration testing, third party assessments, audits and red teaming.
- Create and maintain regular reporting and communication re cyber risk status and posture.
- Demonstrated ability to identify key concepts, factors, of risks based on conversations and document them in clear and concise narrative or graphic reports.
- Contribute to business continuity and other emergency and recovery plans, ensuring such plans are tested in accordance with Nine frameworks.
- Drive a change in accountability in tech and business teams on risk ownership
- Train staff on various system threat mitigations

**Qualifications**:

- What we would like to see on your resume:_

**ESSENTIAL**
- Track record demonstrating years of experience in Tech Risk
- Strong background and experience in cyber risk and assurance, industry standards, methodologies and processes to identify, report and manage cyber risk
- Problem solving and analysis skills, with a high attention to detail
- Experience at working both independently and in a team-oriented, collaborative environment is essential
- Excellent communications skills both verbal and documented with the ability to lead and influence key stakeholders

**DESIRABLE**
- Bachelor's degree in computer science, Cyber Security, Information Security, Engineering, Information Technology, or relevant field; or track record of years of relevant work experience
- Cybersecurity and or risk certifications such as CISSP, CISM, CISA, CRISC, ISO, ITIL
- SME knowledge of advanced cybersecurity tools
- Sound knowledge of Cyber-attack tools and defenses
- Don't worry if you can't tick every single one of these boxes, we would still like to hear from you. With a_ _willingness to learn, a positive attitude and a growth mindset anything is possible at Nine_

Additional Information
**Life at Nine**:
Nine is a people business. Being part of the team means you'll be in a culture that promotes creativity and innovation, diversity and inclusion, is open to feedback, rewards impact and ensures everyone is heard. Importantly, you'll receive the following:

- Career development and quality training
- Up to 16 weeks paid primary carer's parental leave
- Discounts on lifestyle, entertainment, and leisure memberships, including health insurance, dental and gym
- Discounts on products and services with corporate partners

**Our Commitment to Diversity and Inclusion**:
**Discl