Head of Cyber Risk & Response

The role

As Head of Cyber Risk and Response, you will work collaboratively to deliver a range of initiatives and activities which drive the transformation of operational resilience across the industries APRA regulates. The scope of work will include the implementation of strategies and work programs to enable significant uplift in operational resilience practices in APRA’s regulated population, particularly across Cyber and Technology risk management and ensuring that APRA’s supervision activities are effective and appropriately targeted and delivered efficiently. You will be a senior leader in the Non-Financial Risk (NFR) team and a member of the APRA Leadership Team within the Cross-Industry Risk division (CRD).

The team

The Non-Financial Risk (NFR) team is responsible for providing identification, insight and supervision strategies for managing non-financial risks including operational resilience at regulated entities and across the financial services system. This includes key risk streams such as Operational Risk and Resilience, Technology and Cyber Security Risks and Resilience, Climate Risk, Governance, Risk Culture and Conduct, and Accountability and Remuneration practices.

The NFR team brings specialist risk knowledge and skills to deliver APRA’s mandate and corporate plan in partnership with APRA’s frontline supervision, cross industry risk and policy teams to drive strategic outcomes and support strong prudential oversight across Banking, Superannuation and Insurance.  Each day is different and the team plays a critical role in ensuring that risks are identified and managed leading to more resilient organisations and a stable financial system.

Key responsibilities

• Lead APRA’s response to cyber and operational incidents including assessing potential incident trajectory, engaging across internal and cross agency teams to assess impacts and determine actions and ensure internal playbooks are fit-for-purpose;

• Deliver cyber resilience uplift activities, such as CPS234 Remediation oversight, guide and support future policy development, understand and monitor emerging technology capabilities, and work closely across whole-of-government on cyber strategy outcomes;

• Bring a dynamic and informed approach to the provision of strategic risk insights and advice to APRA executive leaders on key issues relating to cyber, technology and data risk management;

• Lead a team of professionals to deliver strategic uplift and core supervision outcomes in a pooled resourcing environment, fostering an inclusive environment;

• Work with multiple key internal stakeholders and teams to partner on strategic uplift initiatives and core and ensure needs and requirements are understood and met;

• Develop external networks to support initiatives including government agencies, industry associations and key positions at regulated entities;

• Proactively identify and raise continuous improvement opportunities for whole of team efficiency and effectiveness; and

• Actively contribute to the leadership of Non-Financial Risk team including management of risks, allocation of resources, development of people, prioritisation of activities, management of key relationships and overall team strategy.

About you

• Strong leadership and management capabilities, including the ability to organise/motivate others and drive to deadlines;

• Professional qualifications in relevant field or equivalent experience in assessing the management of information security (including cyber);

• Leading in the face of uncertainty and facilitates understanding of complex circumstances to gain support and agreement;

• Experience in the financial services sector in a leadership capacity, with sound understanding of the principles of prudential regulation and financial sector risks;

• Excellent organisational, prioritisation, analytical and communication skills;

• Relationship building, negotiation and influencing capability at senior level;

• Ability to identify strategic issues and develop and implement appropriate solutions;

• Strong personal integrity and an intuitive understanding of what is reasonable and prudent business practice; and

• Ability to establish and maintain sound working relationships with peers, team members and external stakeholders in a professional team environment.

To work with us, you need to be an Australian citizen with eligibility to obtain and maintain Australian Government Security clearance.

About APRA

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia’s financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system.

At APRA we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process.