About the Company
Our client is an energy exploration and production company with onshore and offshore oil and gas production in five basins across Australia and New Zealand.
The company is headquartered in a great location in the Adelaide CBD.
About the role
We have an opportunity for an experienced IT professional to join the team in our Adelaide office. Reporting to the GM Information Technology, the Group IT Security Manager is responsible for information security which encompasses Security Risk Management & Governance, Technical Architecture and Security Operations.
The role will drive strategic and operational planning, manage strategic internal and vendor relationships, lead large security change initiatives, and manage financial performance. The role will also provide strong people leadership and proactively manage overall staff, contractor, and service provider performance to ensure successful outcomes.
- Providing expert guidance and counsel on cyber security, operational and strategic risk management, and informed leadership and direction to key stakeholders including the Board and the Executive.
- Providing vision, contemporary thought leadership and innovation in cyber security across IT and OT environments to support efficient, cost-effective and reliable IT and OT services that increase confidence in service and enable digital innovation across the business.
- Leading the identification of new and emerging cyber security threats and operating risks, monitoring industry trends to understand their potential impact, and providing expert direction on risk identification, mitigation and treatment responses.
- Operational and strategic management of the Cyber Security Management and IT Service Continuity Frameworks including formation and chairing of relevant governance committees, development and implementation of associated policies, processes and procedures.
- Leading the development of relevant frameworks, architecture, policies and standards relating to the effective use, service management, protection and operation of digital technologies including the provision of awareness across the organisation to ensure effective implementation.
- Taking responsibility for leading the cyber security capability, including organising and managing all resources (internal, contractors and service providers) to ensure effective service delivery.
- Providing oversight and management of cyber security events and incidents including the preparation and presentation of reports, provision of expert advice and guidance to minimise impact.
- Cultivating and sustaining strong relationships at strategic levels throughout the organisation, working in a collegial and collaborative manner with executives and divisional leaders, internal and external, to develop a comprehensive understanding of current and emerging business needs.
- Developing timely and actionable cyber security reporting including maintaining and developing metrics and measures in consultation with stakeholders to measure the effectiveness of controls.
- Maintaining up-to-date knowledge of cyber security developments, threats and advancements in relevant technology related products and services to identify and evaluate new technologies and approaches that support or advance business objectives.
Skills and experience
- 10+ years' expertise in the cyber security discipline within an enterprise environment of 1000+ active users.
- 5+ years' demonstrable experience in a cyber security leadership or IT management role with expert knowledge across cyber security domains and new and emerging threats and risks.
- Expert knowledge in cyber security architecture and technologies, including key concepts: firewalls, intrusion detection, assessment tools, vulnerability management, attack simulation, encryption, certificate authority and others.
- Proven capability to define, develop and deliver contemporary and appropriate enterprise cyber security strategies and investment plans on a global scale that enable a well-governed and secure enterprise and cultivate the adoption of information security practices.
- Expert knowledge of cyber security and risk, information regulatory compliance, security architecture including knowledge of federal, state and industry information security standards (e.g. ISO 27001).
- Exceptional communication, facilitation, influencing and negotiation skills and demonstrated ability to adapt these to a diverse range of stakeholders and contexts, including senior management, Board and Executive.
- Demonstrated strong understanding of key security standards including ISO 27001:2013, NIST Cyber Security Framework, Australian Energy Sector Cyber Security Framework (AESCSF) (or equivalent Department of Energy C2M2 Standard) and others.
- Certified Information Systems Security Professional (CISSP) or equivalent certification with proof of currency.
For more information or a confidential discussion, please contact Jessica Gadsby on (08) 8112 7417 quoting reference 246679.
To apply please click the 'Apply Now' button.