Cyber Security & Tech Risk Lead
North Sydney, Australia
Company Description
Nine. Australia’s Media Company.
Underpinned by our people, our strategic focus is on content, connections and growth.
Driven by our purpose - Australia belongs here - and guided by our values - walk the talk, turn over every stone, keep it human - we are the home of Australia’s most loved content and trusted brands across News, Sport, and Entertainment.
We lead the total television market in Australia through our key brands of Channel 9, Gem, Go, Rush and Life, and of course you can consume all our content, live or on-demand, on Australia’s leading free streaming platform, 9Now. We also own Stan, the market leading local subscription streaming service.
Our total publishing business covers The Sydney Morning Herald, The Age, The Australian Financial Review, to the breadth of nine.com.au and The Pedestrian Group.
In our total audio business we are building talk radio for the next generation across 2GB, 3AW, 4BC and 6PR.
Nine is also an active participant in Australian consumer marketplaces through our majority shareholding in Domain and our ownership of Drive.
Job Description
The Cyber Security team provides governance, audit, control, and operational Cyber Security capabilities to support business and operational objectives of the Nine group. Minimizing friction and managing appropriate risk are key tenets of the team. The Security team works closely with the Security Cloud Practice, Product Engineering, Network and Infrastructure and Services teams to collaboratively manage cyber controls.
This is a new but critical role for Nine working in a diverse and complex technology landscape. You will be working closely not only with other IT teams but also with key business stakeholders, Group Risk and Audit to ensure our systems and data remain safe by managing risk to an appropriate level.
The Cyber Risk Lead drives activities to ensure processes, policies and controls are aligned to industry standards and regulatory guidelines for information security and minimise the risk of sensitive business systems being compromised.
Key accountabilities for this role:
- Provide expertise on the development and support of all risk assurance activities, processes, and tools used for validating and ensuring data and systems protection.
- Responsible for monitoring the effectiveness of security controls, deviations from acceptable configurations, policies, or standards, and expertise in risk treatment management
- Lead mitigation analysis, working with the IT and Cyber Security team, making recommendations regarding risk prioritisation, mitigation and action plans
- Lead the monitoring and evaluation and tracking of security assurance activities (e.g. vulnerability management, penetration testing, third party assessments, audits and red teaming.
- Create and maintain regular reporting and communication re cyber risk status and posture.
- Demonstrated ability to identify key concepts, factors, of risks based on conversations and document them in clear and concise narrative or graphic reports.
- Contribute to business continuity and other emergency and recovery plans, ensuring such plans are tested in accordance with Nine frameworks.
- Drive a change in accountability in tech and business teams on risk ownership
- Train staff on various system threat mitigations
- Plan and oversee digital hygiene and risk score eg; secure email management, EDR, firewall systems, service monitoring, and patching procedures
Qualifications
What we would like to see on your resume:
ESSENTIAL
- Track record demonstrating years of experience in Tech Risk
- Strong background and experience in cyber risk and assurance, industry standards, methodologies and processes to identify, report and manage cyber risk
- Knowledge and understanding of IT Security principles associated with networks, internet, email, operating systems, firewalls, VPNs, databases, virus management, intrusion detection, cryptography and e-commerce, with some expertise/specialization in several of these fields highly regarded
- Problem solving and analysis skills, with a high attention to detail
- Experience at working both independently and in a team-oriented, collaborative environment is essential
- Excellent communications skills both verbal and documented with the ability to lead and influence key stakeholders
DESIRABLE
- Bachelor's degree in computer science, Cyber Security, Information Security, Engineering, Information Technology, or relevant field; or track record of years of relevant work experience
- Cybersecurity and or risk certifications such as CISSP, CISM, CISA, CRISC, ISO, ITIL
- SME knowledge of advanced cybersecurity tools
- Sound knowledge of Cyber-attack tools and defenses
Don’t worry if you can’t tick every single one of these boxes, we would still like to hear from you. With a willingness to learn, a positive attitude and a growth mindset anything is possible at Nine!
Additional Information
Life at Nine:
Nine is a people business. Being part of the team means you’ll be in a culture that promotes creativity and innovation, diversity and inclusion, is open to feedback, rewards impact and ensures everyone is heard. Importantly, you'll receive the following:
- Career development and quality training
- Up to 16 weeks paid primary carer’s parental leave
- Discounts on lifestyle, entertainment, and leisure memberships, including health insurance, dental and gym
- Discounts on products and services with corporate partners
Our Commitment to Diversity and Inclusion:
At Nine, we are committed to fostering a workforce that embraces all aspects of diversity and inclusion and where practices are equitable to ensure our people experience a sense of belonging. From day one, you'll be encouraged to bring your whole self to work and will be supported to perform at your best. Should you require any adjustments to the recruitment process in order to equitably participate, we encourage you to advise us at the time of application.
We encourage applications from Aboriginal and Torres Strait Islander people, people with disabilities, and of all ages, nationalities, backgrounds and cultures.
Disclaimer: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.
#LI-Hybrid
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CISA CISM CISSP Cloud Computer Science CRISC Cryptography E-commerce EDR Firewalls Governance Intrusion detection ITIL Monitoring Pentesting Red team VPN Vulnerability management
Perks/benefits: Career development Health care Parental leave Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs