Chief Information Security Officer

The role

APRA’s Chief Information Security Officer (CISO) is a pivotal leadership role responsible for the safety and security of APRA’s data, personnel, and assets, with strong external ties and emphasis on internal policy setting, advice, assurance, and operational excellence. 

The CISO collaborates closely with the Chief Information Officer, Chief Data Officer, and Chief Risk Officer to calibrate security requirements to meet business objectives and compliance obligations based on thoughtful consideration of stakeholder expectations, resource constraints and interdependencies.
  
The role requires significant leadership capability in connecting and collaborating with key stakeholders, leading transformational change, and in building relevant capability within the team and externally, in accordance with APRA’s objectives.

Organisational environment

The CISO is a member of the APRA Senior Leadership Team and the Technology & Data (T&D) Executive Leadership Team, reporting to the Executive Director. Key external stakeholders include agencies such as ACSC, Home Affairs, ASIC, and RBA, and industry associations.

Key responsibilities

As CISO you will maintain, improve, and manage APRA’s security in relation to its people, information, and assets such that APRA remains within its risk appetite. 

The role spans the policy domains of the Commonwealth Government Protective Security Policy Framework (PSPF) from both a policy setting and assurance perspective:

• Security Governance – pertaining to the management structures and responsibilities that determine how security decisions are made.
• Information Security – pertaining to classification and handling of official information to ensure confidentiality, integrity, and availability.
• Personnel Security – pertaining to how to screen and vet personnel and contractors to assess their eligibility and suitability.
• Developing, implementing, and monitoring APRA’s security plans, policies, procedures, and systems across the breadth of APRA’s activities whilst also managing the ongoing and day-to-day activities.
• Operational responsibility for the monitoring and responding to security threats and incidents via APRA’s Cyber Security Operations Centre (CSOC).
• Building a demonstrable and meaningful security culture within APRA.
• Providing practical high level strategic advice and support to Executive and Management teams regarding the protective security arrangements for APRA.
• Leading and developing staff, including the identification and fostering of potential talent throughout the team and Division.
• Modelling inclusive leadership behaviours and instilling an open culture within the team, where divergent views are shared and respected.

About you

• Extensive experience in cybersecurity leadership roles within financial services, government, or highly regulated environment.
• Highly developed people leadership skills with the demonstrated ability to develop and support an inclusive, collaborative and excellence-driven workplace culture.  
• Adept at leading in the face of uncertainty and facilitates understanding of complex circumstances to gain support and agreement.
• Excellent organisational, prioritisation, analytical and communication skills.
• Relationship building, negotiation and influencing capability at senior level.
• Demonstrated ability to identify strategic issues and develop and implement appropriate solutions.
• Strong personal integrity and an intuitive understanding of what is reasonable and prudent business practice.
• Sound understanding of the principles of prudential regulation and/or financial sector risks.
• Professional qualifications in relevant field or equivalent experience.

To work with us, you need to be an Australian citizen with eligibility to gain an Australian government security clearance (at Negative Vetting Level 1 for the CISO role).

About APRA

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia’s financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system. 

At APRA we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process.