ICT Manager – Security & Risk
Up to $210,000 + super · Hybrid · 2 days in office · Brisbane local · 2 direct reports · Reports to CIO
The organisation
This is a large, community-based organisation operating at scale across Australia. The organisation manages sensitive personal data across a substantial and diverse stakeholder base and takes that obligation seriously. Security here is not a compliance checkbox. It is embedded in how the organisation operates, how it is governed, and how it maintains the trust of the people it serves.
ICT sits at the centre of a significant transformation agenda. This role has visibility, mandate, and executive backing.
The opportunity
This is a senior security leadership role for someone who knows what good looks like and can build the frameworks to prove it.
You will own the ICT Security Strategy end to end: governance frameworks, risk registers, security operations, SIEM and vulnerability management, compliance, and the MSSP relationship. You will be the security voice across a portfolio of major transformation programs. And there is real build work ahead: this is not a steady-state role.
Four priorities sit front and centre:
- ISMS completion — A partially-built Information Security Management System needs to be driven from its current state to full operation, aligned to ISO 27001.
- Resilient Tech Foundations — A major four-pillar security uplift program spanning devices, identity and access, information and data governance, and network and platform security.
- Transformation advisory — Active security leadership across ERP modernisation, people systems, and a high volume of change initiatives requiring a security lens.
- Security culture at scale — Building genuine cyber awareness across a large, non-technical, geographically distributed workforce.
What you'll be responsible for
Strategy & governance
- Own the ICT Security Strategy, aligned to ISO 27001, NIST, ASD Essential 8, and CIS 18 Controls
- Complete and operationalise the Information Security Management System
- Develop and maintain ICT Risk Registers with regular quarterly reviews
- Lead all internal and external audit activity — and own the close-out of recommendations
- Represent ICT in Business Continuity Management and Disaster Recovery planning
Security operations
- Oversee the Security Operations Centre — SIEM, SOAR, vulnerability management, and incident response — through the MSSP and in-house capability
- Manage the MSSP relationship commercially and operationally
- Ensure patching, backup testing, and penetration testing occur on schedule and to standard
- Maximise the organisation's investment in its SASE architecture and Microsoft Security & Compliance tooling
- Serve as the primary ICT point of contact on the Major Incident Response Team
People & culture
- Lead and develop 2 direct reports — an ICT Security Risk Specialist and an ICT Security, Risk & Compliance Analyst
- Build a cybersecurity awareness program that reaches 10,000+ staff
- Operate as a visible, accessible security leader — getting into the business, building relationships, bringing stakeholders on the journey
- Contribute to the organisation's responsible AI governance framework
Commercial & financial
- Own the IT Security & Risk OPEX and CAPEX budgets
- Support PCI DSS compliance in partnership with Operations and Finance
- Embed security review and sign-off into major transformation programs
- Develop a scalable model for security advisory across a high-volume change portfolio
What you'll bring
- Governance depth that's lived, not theoretical. You've implemented ISO 27001, NIST, or ASD Essential 8 in a real organisation — not just advised on it.
- Regulated sector background. Financial services, insurance, health, utilities, or government — environments where compliance is non-negotiable and the stakes are real.
- Communication that spans the room. You can present to a board in the morning and make cybersecurity meaningful to frontline staff in the afternoon.
- SOC and MSSP experience. SIEM, vulnerability management, incident response — and the vendor management skills to hold external partners to account.
- People leadership. Experience managing and developing specialist security professionals, not just directing them.
- CISSP or CISM preferred — or equivalent demonstrable experience. CompTIA Security+ or SSCP considered.
- Minimum five years in a senior ICT management role.
- Bachelor's degree in Information Technology or related field, or equivalent experience.
- Brisbane-based.
The package
- Base salary: $210,000 – $220,000 + superannuation
- Hybrid flexible working — 2 days per week in the Brisbane office