About the Role:
The Chief Information Security Officer (CISO) is a senior executive responsible for establishing and maintaining the enterprise information security strategy and program. The CISO’s primary purpose is to safeguard the organisation’s information by developing and implementing a comprehensive information security strategy and risk management plan that aligns with business objectives, regulatory and compliance requirements and industry best practices.
This role requires significant leadership capability in connecting and collaborating with key stakeholders, leading transformational change, and in building relevant capability within the team and externally, in accordance with SLSQ’s objectives. The CISO will lead the information security strategy, develop security policies, standards, procedures, risk and compliance activities, including business continuity planning and crisis and incident management, as well as foster a culture of security awareness. This role is based in our South Brisbane office.
Benefits at SLSQ:
- Access to salary packaging benefits.
- Flexible working conditions and work from home available.
- Paid parental leave.
Key Roles & Responsibilities:
- Developing and implementing security strategy, policies and procedures.
- Implementing and overseeing the organisation’s cybersecurity program.
- Develop, implement and maintain the business continuity plan.
- Aligning cybersecurity and business objectives.
- Coordinating the response and recovery efforts when a data or security breach occurs.
- Operational responsibility for the monitoring of security threats and incidents.
- Overseeing planning for incident response and disaster recovery.
- Understanding network activity and preparing for potential threats.
- Promote and build a demonstrable and meaningful security culture.
- Educate staff in the organisation on the best IT practices and regulatory requirements.
- Identifying and assessing security and organisational risks.
- Implementing security measures to mitigate risks.
- Ensuring compliance with regulations and industry standards.
- Leading and developing IT staff.
- Managing relationships with key external stakeholders.
- Cybersecurity awareness and training for staff.
- Planning, recommending and actively monitoring the annual operating budget and the longer-term capital spending budget for information and security.
- Communicate and report to the Chief Executive Officer and Board.
- Provide high level strategic advice and support to Executive and Management teams regarding information security.
- Physical and Cyber Security and Records Management compliance and reporting, including breach reporting to the Board, and/or reporting to Senior Executive and governance committees i.e. Financial and Risk Management Committee.
Skills, Qualifications, and Experience:
- Bachelor’s or Master’s degree in information technology, cybersecurity, risk management, or related fields.
- Minimum 10 years’ experience in a similar high-level position.
- In-depth knowledge of cybersecurity principles, industry standards, frameworks, and best practices.
- Excellent project and incident management and leadership skills.
- Strong problem-solving and analytical skills to identify and mitigate security risks.
- Outstanding communication and interpersonal skills, with a strong track record of engaging with Boards/executives to drive business outcomes.
- Strong understanding of risk management principles and the ability to assess and prioritise cybersecurity risks in the context of critical infrastructure protection.
- Demonstrated experience leading/managing security teams and large/complex programs of work.
- Proven experience developing and managing strong relationships across business and technology teams.
- Strong commercial acumen to engage and manage third-party vendors to deliver efficient and effective services to the business.
- Expert knowledge of IT governance, cybersecurity, risk and compliance requirements in ICT, including in-depth knowledge of industry standard security frameworks.
- Technical understanding of the ICT landscape, including information risk management, product management, program/project management, network systems, support desk, service delivery, infrastructure, and engineering.
- Strong ability to develop business-aligned cybersecurity/IT strategies, frameworks and business continuity plans.
- Familiarity with regulations and standards such as those related to critical infrastructure protection and privacy.
- Financial acumen to develop and manage a cybersecurity budget, allocating resources effectively to address priority areas.
About SLSQ:
Surf Life Saving Queensland employs over 550 people throughout Queensland. SLSQ is an efficient and vibrant organisation servicing 35,000 members. It was formally established in 1930 and is the governing body for surf lifesaving in Queensland, comprising 57 affiliated surf lifesaving clubs in six regional branches. The organisation also includes supporters’ clubs and a range of programs that involve more than 462,000 participants. SLSQ is directly affiliated with, and is part of, Surf Life Saving Australia (SLSA) and the International Life Saving Federation (ILF). Surf Life Saving Queensland is built on a fundamental principle: to save lives. Our organisation encompasses several diverse arms – lifesaving services, community education, membership services, surf sports, fundraising and commercial training.