Cyber Security GRC Manager

Hays • Australia
Visa Sponsorship • Relocation
This job is no longer active; the position is no longer accepting applications.

Job Description

Your new company


SA Water is a successful, modern water utility that is wholly owned by the Government of South Australia. They employ more than 1,600 people across a broad range of disciplines who operate more than $14 billion of assets, delivering essential water and sewerage services to more than 1.8 million South Australians.


Your new role


SA Water are seeking a Cyber Security GRC Manager who will direct the development and supervision of their Cyber Security Governance, Risk, and Compliance (Cyber GRC) team, services, and capabilities. The role requires you to manage technology risk and fulfill compliance obligations as a critical infrastructure business operating state-wide.

Key role requirements:

  • Manage Cyber Security governance, risk, and compliance (GRC) services and activities to effectively identify, assess, and manage cyber security risks across the organisation, in alignment with the Corporate Risk Management Framework.
  • Lead enterprise cyber security planning to achieve business goals safely by prioritising cyber defence initiatives, increasing business focus on cyber security, and deploying and managing current and future cyber security technologies.
  • Develop and communicate cyber security policies, strategies, plans, and the current cyber threat and risk profile and maturity to the executive team, employees, partners, customers, and stakeholders.
  • Manage the team that provides specialist cyber security advice to SA Water staff and external vendors.
  • Lead and manage the organisation’s Cyber Security Compliance Assurance program, the scope of which includes meeting cyber security related SoCI obligations, internal assessments, and facilitating audits and assurance of cyber security activities and objectives.
  • Manage the Cyber Security Awareness program and the team responsible for this program this includes.
  • Lead and oversee the administration of the Cyber Security Third Party Risk Management function and services.
  • Identify and classify information and technology assets to ensure protections are commensurate with the value of the asset and recommend appropriate cyber security risk treatments for them.
  • Direct and deliver Cyber GRC assessments, acting as a business partner and internal trusted advisor.
  • Monitor external and internal cyber security threats and update inherent risk ratings in a timely manner.
  • Support SA Water’s Cyber Security team and organisation as Acting CISO if required.


What you'll need to succeed


  • Significant working knowledge of the laws, policies, and standards applicable to cyber security, privacy, cyber risk management, and cyber security aspects of protecting critical infrastructure with demonstrable experience interpreting obligations into cyber security practices and delivery within an organisation or enterprise.
  • Experience developing and maintaining Information Security Management Systems using recognised formal Cyber Security Frameworks or similar continuous improvement cyber security frameworks in the context of large, complex organisations (e.g., NIST, Essential 8, ISO 27000 etc).
  • Proven leadership skills to lead a team of specialists, and influence people at all levels internally and externally.
  • Demonstrated ability to conceptualise, launch and deliver multiple initiatives with complex interdependencies on time and within budget, supported by strong problem solving and analytical capabilities.
  • Proven experience delivering Cyber GRC services across various security technologies, including firewalls and network-based cyber security controls, intrusion detection systems, anti-malware, EDR/XDR systems, web and cloud-based cyber security controls, modern identity security systems, log management, and content filtering.
  • Relevant Cyber Security certifications (e.g., CISM, CISSP, CRISC etc).


What you'll get in return


  • Competitive salary and a relocation package on offer for interstate candidates.
  • Flexible work arrangements (3 days in the office, 2 WFH).
  • Have your work matter! Work as part of a close-knit team that has high visibility in the organisation.
  • Lead and manage an experienced GRC team who are highly engaging and motivated!


What you need to do now


If you have the necessary experience as a Cyber Security GRC Manager, then please apply via the link below with your CV, cover letter and response to the selection criteria (please request a copy of the PID), or contact Tishan Gamage on Tishan.Gamage@hays.com.au or +61 3 9604 9518 now.
