JOB DETAILS

We’re looking for an experienced cybersecurity professional to take ownership of governance, risk, and compliance activities across a large and complex organisation. You’ll work closely with the CISO to shape and protect our cyber posture — and you’ll have the confidence to operate with real autonomy from day one.

About the role Reporting directly to the CISO, you will:

• Provide governance input into cybersecurity initiatives, projects, and operational activities
• Lead preparation of papers, briefings, and executive-level updates for the CISO
• Drive follow-up actions from the recent NIST Cybersecurity Framework Assessment
• Own and resolve the ServiceNow Cyber governance queue
• Maintain and update enterprise and ICT cybersecurity risk registers
• Review and update cybersecurity policies, risk statements, controls, and treatment plans
• Prepare reporting for the Audit and Risk Committee
• Manage the vulnerability management process and associated reporting
• Update existing Information Security Directives and draft new ones as required
• Provide broad advice and support across daily CISO Office operations

What you’ll bring

• Deep knowledge of NIST CSF — with familiarity across other major frameworks
• 4–6 years of hands-on experience — in cybersecurity governance, risk, assurance, and compliance
• Higher education or public sector experience — (mandatory — this is a complex stakeholder environment)
• Proven ability to operate independently — as a self-starter with minimal guidance
• Strong working knowledge of IS policy frameworks — able to adapt good practice to our directives
• Experience with audits, strategy, policy, and assurance programs — including governance reporting
• Executive-level written and verbal communication skills — you’ll be producing board-ready outputs
• Working knowledge of Jira, ServiceNow, and Protecht — (or similar GRC platforms)

Look forward to receiving your application and talking about this in more detail with you.