Cyber Security & Tech Risk Lead

Company Description

Nine. Australia’s Media Company.

Underpinned by our people, our strategic focus is on content, connections and growth. 

Driven by our purpose - Australia belongs here - and guided by our values - walk the talk, turn over every stone, keep it human - we are the home of Australia’s most loved content  and trusted brands across News, Sport, and Entertainment. 

We lead the total television market in Australia through our key brands of Channel 9, Gem, Go, Rush and Life, and of course you can consume all our content, live or on-demand, on Australia’s leading free streaming platform, 9Now. We also own Stan, the market leading local subscription streaming service.

Our total publishing business covers The Sydney Morning Herald, The Age, The Australian Financial Review, to the breadth of nine.com.au and The Pedestrian Group. 

In our total audio business we are building talk radio for the next generation across  2GB, 3AW, 4BC and 6PR. 

Nine is also an active participant in Australian consumer marketplaces through our majority shareholding in Domain and our ownership of Drive.

Job Description

The Cyber Security team provides governance, audit, control, and operational Cyber Security capabilities to support business and operational objectives of the Nine group. Minimizing friction and managing appropriate risk are key tenets of the team. The Security team works closely with the Security Cloud Practice, Product Engineering, Network and Infrastructure and Services teams to collaboratively manage cyber controls.

This is a new but critical role for Nine working in a diverse and complex technology landscape. You will be working closely not only with other IT teams but also with key business stakeholders, Group Risk and Audit to ensure our systems and data remain safe by managing risk to an appropriate level.

The Cyber Risk Lead drives activities to ensure processes, policies and controls are aligned to industry standards and regulatory guidelines for information security and minimise the risk of sensitive business systems being compromised.

Key accountabilities for this role:

• Provide expertise on the development and support of all risk assurance activities, processes, and tools used for validating and ensuring data and systems protection.
• Responsible for monitoring the effectiveness of security controls, deviations from acceptable configurations, policies, or standards, and expertise in risk treatment management
• Lead mitigation analysis, working with the IT and Cyber Security team, making recommendations regarding risk prioritisation, mitigation and action plans
• Lead the monitoring and evaluation and tracking of security assurance activities (e.g. vulnerability management, penetration testing, third party assessments, audits and red teaming.
• Create and maintain regular reporting and communication re cyber risk status and posture.
• Demonstrated ability to identify key concepts, factors, of risks based on conversations and document them in clear and concise narrative or graphic reports.
• Contribute to business continuity and other emergency and recovery plans, ensuring such plans are tested in accordance with Nine frameworks.
• Drive a change in accountability in tech and business teams on risk ownership
• Train staff on various system threat mitigations
• Plan and oversee digital hygiene and risk score eg; secure email management, EDR, firewall systems, service monitoring, and patching procedures

Qualifications

What we would like to see on your resume: 

ESSENTIAL

• Track record  demonstrating years of experience in Tech Risk
• Strong background and experience in cyber risk and assurance, industry standards, methodologies and processes to identify, report and manage cyber risk
• Knowledge and understanding of IT Security principles associated with networks, internet, email, operating systems, firewalls, VPNs, databases, virus management, intrusion detection, cryptography and e-commerce, with some expertise/specialization in several of these fields highly regarded
• Problem solving and analysis skills, with a high attention to detail
• Experience at working both independently and in a team-oriented, collaborative environment is essential
• Excellent communications skills both verbal and documented with the ability to lead and influence key stakeholders

DESIRABLE

• Bachelor's degree in computer science, Cyber Security, Information Security, Engineering, Information Technology, or relevant field; or track record of years of relevant work experience
• Cybersecurity and or risk certifications such as CISSP, CISM, CISA, CRISC, ISO, ITIL
• SME knowledge of advanced cybersecurity tools
• Sound knowledge of Cyber-attack tools and defenses

Don’t worry if you can’t tick every single one of these boxes, we would still like to hear from you. With a willingness to learn, a positive attitude and a growth mindset anything is possible at Nine!

Additional Information

Life at Nine: 

Nine is a people business. Being part of the team means you’ll be in a culture that promotes creativity and innovation, diversity and inclusion, is open to feedback, rewards impact and ensures everyone is heard. Importantly, you'll receive the following:

• Career development and quality training
• Up to 16 weeks paid primary carer’s parental leave
• Discounts on lifestyle, entertainment, and leisure memberships, including health insurance, dental and gym
• Discounts on products and services with corporate partners

Our Commitment to Diversity and Inclusion:

At Nine, we are committed to fostering a workforce that embraces all aspects of diversity and inclusion and where practices are equitable to ensure our people experience a sense of belonging. From day one, you'll be encouraged to bring your whole self to work and will be supported to perform at your best. Should you require any adjustments to the recruitment process in order to equitably participate, we encourage you to advise us at the time of application.

We encourage applications from Aboriginal and Torres Strait Islander people, people with disabilities, and of all ages, nationalities, backgrounds and cultures.

Disclaimer: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.

#LI-Hybrid