Requisition #: APR1678

The role 

The Head of Security Strategy, Governance, and Privacy is a pivotal senior leadership role responsible for developing and implementing comprehensive security strategies, ensuring robust governance frameworks, and overseeing privacy compliance.  

This role involves planning for future security needs, managing existing risks, and leading compliance efforts to protect APRA’s assets, people and data. 

The team

The Security team sits within the Data, Technology and Security (DTS) division. With a new CISO recently started, the team is going through an uplift.

The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF). The team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy and governance arrangements. 

Key responsibilities 

  • Security Plan and Strategy Management: Develop and implement security strategies that align with organisational goals and government requirements
  • Cross-Security Team Operational Leadership: Lead operational security team activities including cross-security team process improvement, resourcing management, budget and operational efficiencies
  • Security and Privacy Governance: Oversee policies and practices to ensure compliance with relevant laws, government policies and regulations. Lead security governance integration into existing forums and develop and execute governance approaches for identified gaps
  • Security Risk Management & Monitoring: Work with other Security heads and cross-teams to lead the identification, assessment, tracking, management, exceptions and reporting of security risks, issues and progress, ensuring continuous monitoring and improvement
  • Security Metrics and Reporting: Develop and maintain security metrics to measure the effectiveness of security activities and programs and report on security posture to senior management and other key stakeholders
  • High Performing Team: Work with the CISO, Executive Director Technology & Data, CDO, CIO and Senior Manager peers to build a cohesive and collaborative high performing leadership and teams. 

About you 

The successful candidate will possess prior experience in an equivalent head of security leadership role, with an extensive background in security strategy, governance, and/or privacy management. The incumbent will demonstrate: 

  • Proven track record of leading security initiatives and managing compliance requirements
  • Experience in risk management, policy development and security metrics
  • Experience with cyber risk quantification (e.g. FAIR)
  • Experience with cross-security team operational management (e.g. budget, processes, resourcing). 

Technical Skills: 

  • In-depth knowledge of Australian government security frameworks, standards, and best practices (i.e. PSPF, ISM and Essential 8)
  • Proficiency in security risk assessment and management tools
  • Familiarity with privacy regulations (e.g., Australian Privacy Act) and compliance requirements
  • Strong understanding of security technologies and best practices, and ability to develop a cohesive security strategy and plan. 

Soft Skills: 

  • Excellent leadership and team management abilities. Consultative, collaborative and a proactive team player
  • Strong analytical and problem-solving skills
  • Ability to think strategically and make clear and immediate data-driven decisions
  • Exceptional stakeholder engagement and relationship skills, highly adept in managing a diverse group of senior stakeholders and relationships
  • Highly developed executive communication, leadership, negotiation, conflict resolution and interpersonal skills and the ability to represent APRA’s view in a highly professional and sensitive manner. The ability to translate complex technical issues into plain language.
  • Sees security as a business enabler with a strong ability to take a risk-based approach to security requirements.  

To work with us, you need to be an Australian citizen with eligibility to gain NV1 security clearance. 
 
About APRA 

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia’s financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system.  

At APRA we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process. 


The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $6 trillion in assets for Australian depositors, policyholders and superannuation fund members.


APRA invests in contemporary technologies to enable our employees to achieve work life balance, via flexible working practices. We are dedicated to cultivating a diverse and inclusive workplace that fosters collaboration and continuous improvement. 


APRA provides ongoing studies support, structured training programs and excellent career progression opportunities all within a highly professional environment.

APRA is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, age, or disability status.


To apply, please visit our Careers Page at www.apra.gov.au. For further information or assistance, please email talent@apra.gov.au. Please do not apply to this email address.
