Information Security Risk and Assurance Manager

Melbourne, VIC


HESTA Super Fund is the Australian industry superannuation fund for people working in health and community services. Become a member today.

View company page

Be inspired everyday 


At HESTA we’re a leading national superannuation fund dedicated to people working in health and community services – a growing sector of ordinary people doing extraordinary things, day in day out, right across Australia. 


More than 1 million Australians trust HESTA with their money. So together, we invest billions of their savings globally, striving to generate strong investment returns and make a real difference to their financial futures. Our focus is on helping our members enjoy the retirement they’ve worked hard for.   


  • Do you have a passion for information and cyber security? 
  • Do you want to be part of a talented team and a unique opportunity that blends leadership and technical skills?  


Our business is rapidly transforming and our information security capability is growing.   


The opportunity


Reporting directly into the GM Information Security, this critical leadership role will oversee and implement robust information security governance, risk, and assurance practices through management of HESTA’s Information Security Management System (ISMS).  


This role will lead the uplift of maturity and operations of HESTA’s Information Security Governance, Risk and Assurance Framework and team, and contribute to the delivery of HESTA’s information security program, strategy implementation, key initiatives and priorities. 


This includes maintaining and evolving an ISO27001 based ISMS framework, ensuring alignment with the organisation's security objectives, regulatory obligations, and risk appetite. 


You will play a vital part in making sure information security is implemented and operated in the way it should be, adhering to regulatory requirements as well as our own policies, standards and procedures, to keep us in check and secure! 


About you 


You have significant experience in a similar information security leadership role, preferably within a highly regulated industry like financial services. You will have demonstrated experience in security risk management at strategic and operational levels and extensive experience with developing, implementing and overseeing information security policy and control frameworks. Critical thinking,   outstanding communication and stakeholder management skills are key.  You’ll work well under pressure and be capable of dealing with multiple priorities. What’s most important is the positive, creative and collaborative energy you bring to work each day.  We’re eager for the right person to join our team so if this all sounds like you, don’t delay in submitting your application! 


You will be a seasoned Information Security leader that has built and lead security risk and assurance teams. You will have experience working with or working knowledge of governance tools such as One Trust or Archer GRC, and a working understanding of enterprise operations that span across Public Cloud environments, and security principles across Iaas, PaaS and SaaS. This role will also develop, govern and oversee technical security assurance capabilities across penetration testing, vulnerability management, and security controls testing.  


You will have a strong understanding of security obligations for APRA regulated entities, experience and knowledge of security standards and frameworks such as NIST Cybersecurity Framework, ISO27001/2,  including security controls and compliance requirements.  


You will be agile in your approach, embrace impactful leadership and develop your team to be the best they can be. You will work collaboratively with key stakeholders to ensure outcomes are achieved and provide leadership and support to ensure a strong security posture is achieved and maintained in alignment with the HESTA’s Information Security Strategy. 


For a position description please email Jamila Malkoun  


We will leave all the ‘work you’ll be doing’ stuff in the PD but here’s a few things that you’ll get to enjoy working at HESTA: 


  • Your leave and time off matters, up to 6 days paid volunteer leave, up to an additional 5 days of leave over the end of year and new year period, access your LSL after 3 years!  Take AL at half pay, and purchase up to 2 weeks additional leave  
  • Your professional development matters, up to $5k per year professional development and up to 8 days professional development leave, HESTA scholarships and free access to a range of premium learning tools 
  • Your health and wellbeing matters, free annual flu shots and skin checks, incredible social events throughout the year and a comprehensive employee assistance program available 24/7 
  • Your financial wellbeing matters, financial planning support, end of year payment for all Enterprise Agreement-covered employees, incentivised Employee Referral Program and novated lease options  


HESTA is a great place to work but don’t take our word for it, we were named (again!) Employer of Choice for Gender Equality 2022.  


We celebrate, value and include people of all backgrounds, genders, identities, cultures and abilities. We welcome and support applications from First Nations people, physically, neuro or culturally diverse, LGBTQI+, and people of any age. 


We want all candidates to feel safe, included and provided with the best opportunity to thrive, if you require reasonable adjustments during your application or throughout the recruitment process, please reach out to a member of the Talent team and we’ll call you to discuss.  


We will be reviewing application as they come in so if you are interested don’t delay as the position will be closed off as soon as we find the right person. 


Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Agile Cloud Compliance Governance IaaS ISMS ISO 27001 NIST PaaS Pentesting Risk management SaaS Security strategy Strategy Vulnerability management

Perks/benefits: Career development Team events

Regions: Asia/Pacific Europe
Country: Australia
Job stats:  8  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.