Group Senior Manager, Information Security & Governance / CISO

Information & Communication Technology

  • Own vision and delivery of Queensland Rail’s enterprise security and governance
  • Strengthen cyber resilience through strategic uplift, risk leadership, and assurance
  • Trusted advisor to board and executive on threats, risks, and investment

About Queensland Rail

Queensland Rail has been connecting communities since 1865 while supporting local jobs, industries, and economies. Queensland Rail respectfully acknowledges the Traditional Owners and Elders of the lands and waterways on which its network sits. On those lands and waterways, for over 150 years, Queensland Rail’s teams have built a network that connects communities.

Our 8,000-strong workforce delivers travel, tourism and freight services across Queensland Rail’s South East Queensland (SEQ) and Regional networks, and is committed to providing world-class rail services for customers that are safe and reliable. With total assets over $9 billion and a network that extends more than 6,600 kilometres across the state, the organisation aims to deliver efficient and sustainable services that create value for customers and Queenslanders.

Queensland Rail has an incredibly bright and exciting future ahead. Our purpose is to connect communities and our vision is to deliver world-class rail services for our customers. In the lead-up to 2032, Queensland Rail will integrate more than $20 billion of new assets, delivering more trains, new and upgraded stations, and, ultimately, better services for our customers.

About the role

Reporting to the Group Executive Digital and Information, the Group Senior Manager, Information Security & Governance / CISO is responsible for leading the long-term development, implementation, and continuous improvement of a comprehensive information and digital security program. Queensland Rail is currently progressing through a well-supported security uplift, targeting Essential Eight maturity Level 1 across both IT and OT environments, with a clear pathway to Level 2.

You will own and drive the security roadmap, articulating a clear and compelling vision to the Board and executive leadership team while guiding the organisation through a complex and critical transformation. This role requires proactive engagement with senior stakeholders, including regular briefings on emerging threats, program progress, and the strategic rationale for continued investment.

In addition, you will maintain an Information Security Management System (ISMS) aligned with regulatory requirements, lead enterprise risk management and assurance activities, and foster a team culture built on accountability, resilience, and continuous improvement.

About You

You are a credible and forward-thinking security leader who combines deep technical expertise with strong executive presence. You bring strong defensive leadership in the face of rapidly evolving threat vectors, with particular depth in addressing AI-driven attacks, sophisticated social engineering, third-party ecosystem risk, and emerging cryptographic challenges.

You have demonstrated experience leading significant cyber security uplift initiatives, ideally across both IT and OT environments, and understand the complexity and stakeholder engagement required to deliver sustained change.

You bring a proven ability to develop and communicate a clear security roadmap to executive and Board audiences, translating technical risk into meaningful business outcomes and building confidence in the organisation’s security posture. Your experience includes leading through periods of transformation and managing complex risk environments while maintaining trust and momentum.

Your approach is underpinned by strong knowledge of industry frameworks such as Essential Eight, IS18, ISO/IEC 27001, GASSP, and NIST, ensuring alignment with best practice and regulatory expectations. You lead with integrity and align strongly to values-based, high-performing cultures.

The Benefits

This is a permanent leadership opportunity within a critical function that has organisation-wide impact. The role offers a competitive remuneration package and is based in Brisbane CBD.

You will play a key role in protecting and strengthening the digital and information assets of an organisation that Queenslanders rely on every day. You will also be part of a collaborative and values-driven environment that supports people to perform at their best. Queensland Rail is an equal opportunity employer committed to fostering an inclusive workplace where everyone can thrive.

To view the Success Profile for this opportunity, please copy and paste the following link into your browser: https://tinyurl.com/4vzn6n23

For a confidential discussion or further information please contact Patrick Donnelly on 0424 837 944 or Emma Wallace on 0432 060 301.

Davidson acknowledges the Traditional Custodians of the lands on which we work and live. We are also committed to equal opportunity and strive to promote diversity, inclusion, belonging, flexibility, and accessibility in all that we do.

Should you require assistance in your interactions with us or through a recruitment process, please let us know so we can provide adjustments for you.


Work type:  Full Time

Date posted:  15-Apr-2026

Location:  Brisbane - Queensland

Reference:  JN -042026-42946
