ITSS Information Security and Risk Manager

The purpose of the role is to ensure that IT security policies, processes and mechanisms in place are appropriate to minimise risk for WorkSafe/TAC, are well articulated and socialised, and are complied with.

The role will manage the design, coordination, implementation and maintenance of IT related policies with respect to security, risk and compliance management.

Primary responsibilities and accountabilities of this role are:

• Ongoing development and maintenance (in some cases through external service provision) of IT security policies, guidance material and security response plans relevant to WorkSafe/TAC and in accordance with industry standards or best practise.
• Ensure that processes and mechanisms are in place to monitor or enforce compliance with security policy and to address instances of non compliance.
• Manage the socialisation of WorkSafe/TAC security policy through education, awareness campaigns, preparation and presentation of guidance notes, accessibility of policy material etc.
• Manage the interactions between ITSS and WorkSafe/TAC corporate security, audit and risk management services.
• Manage the provision of security services (including regular audits and security tests) by external providers to ensure that they are accurate, meet requirements and service levels, and provide good value.
• Establish and manage a governance framework which ensures that all IT changes (including development or procurement of new solutions and security administrative process change) are properly assessed for risk and are treated for security accordingly.
• Be the authoritative reference point for all matters relating to IT risk management and security. Advise decisions on security and contribute to IT strategic forums.
• Maintain a strong understanding of current industry directions and best practice relating to security, risk management and regulatory compliance by attending industry forums, participating in Whole of Victorian Government forums, participating in communities of interest etc.

• Strong background in broad IT security related discipline in a complex technology environment similar to TAC/WorkSafe.
• Preference for CISSP certification or equivalent/similar industry certification/s.
• Technical knowledge and expertise in Risk & Compliance management.
• Demonstrated ability to liaise with external and internal stakeholders, providing excellent customer service.
• Strong communication and documentation skills.
• Strong understanding of contemporary security treatments.
• Strong influencing and interpersonal skills.
• Strong organisational and activity management skills.
• Experience in dealing with external provision of security services.
• Ability to work independently and also to work as part of a team.
• Strong investigative skills.
• Very high levels of personal integrity.
• Good knowledge of the regulatory compliance landscape.