Head of Security Advisory & Engagement

The role

The Head of Security Advisory and Engagement is a pivotal senior leadership role focused on positioning security as a business enabler through proactive customer engagement.

This role is responsible for consolidating all security initiatives, ensuring integration and dependency management, and leading internal customer security efforts. The incumbent will oversee security risk assessments, assurance management, and the close integration of security controls throughout the project and business-as-usual (BAU) lifecycles.

The team

The Security team sits within the Data, Technology and Security (DTS) division and with a new CISO recently started, the team is going through uplift. The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF). The team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy and governance arrangements.

Key responsibilities

• Customer Facing Engagement: Lead internal customer engagements with a focus on demonstrating security as a business enabler and business value alongside government security requirements (PSPF, Essential 8 and ISM)
• Customer Security Risk Assessments: Conduct and manage internal customer security risk assessments (across the spectrum of physical, personnel and cyber/information security) to identify and mitigate potential threats. Collaborate with Security Strategy, Governance & Privacy team to ensure risks are documented, tracked and reported
• Assurance Management: Develop and manage the security controls framework, assurance framework and lead assurance activities (e.g. IRAP assessments, penetration testing) to validate the effectiveness of security controls and ensure integration into secure by design lifecycle. Work closely with other security heads on reporting and tracking completion
• Security Culture and Awareness: Lead the development and execution of an engaging and comprehensive plan for security cultural change and awareness improvements. Ensure cohesive cultural change and communications are incorporated across all business projects and BAU activities
• High Performing Team: Work with the CISO, Executive Director of Technology & Data, CDO, CIO and Senior Manager peers to build a cohesive and collaborative high performing leadership and teams.

About you

The successful candidate will possess prior experience in an equivalent head of security leadership role, with extensive experience in security advisory, cultural change management and customer engagement roles. Coupled with experience in risk assessment, assurance management, and security controls integration. Prior experience in formal consulting environments is highly desirable.

Technical Skills:

• In-depth knowledge of Australian government security frameworks, standards, and best practices (i.e. PSPF, ISM and Essential 8)
• Proficiency in security risk assessment and management tools
• Proficiency in assurance activities such as penetration testing and compliance frameworks (e.g., IRAP, third party assurance)
• Strong understanding of security controls and Secure by Design principles.

Soft Skills:

• Excellent leadership and team management abilities. Consultative, collaborative and a proactive team player
• Strong analytical and problem-solving skills
• Ability to think strategically and make clear and immediate data-driven decisions
• Exceptional stakeholder engagement and relationship skills, highly adept in managing a diverse group of senior stakeholders and relationships
• Highly developed executive communication, leadership, negotiation, conflict resolution and interpersonal skills and the ability to represent APRA's view in a highly professional and sensitive manner. The ability to translate complex technical issues into plain language
• Sees security as a business enabler with a strong ability to take a risk-based approach to security requirements.

To work with us, you need to be an Australian citizen with eligibility to gain NV1 security clearance.

About APRA

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia's financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system.

At APRA we're committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process.