APRA
APR1922 Requisition #

The role

 

The Principal Security Advisor is a senior-level specialist position responsible for leading and overseeing the organisation's security advisory and assurance. The role involves providing expert guidance on security matters and ensuring the protection of the organisation's assets, information, and personnel. It also ensures that APRA fulfils its obligations for security assurance, management of third parties, and security control design and implementation. The Principal Security Advisor works closely with executive leadership, IT teams, and other stakeholders to create a secure and resilient environment.

 

The team

 

APRA is embarking on an ambitious program of change incorporating cloud, data, digital and security initiatives. This has created the opportunity to join a small but growing Security team which sits within the Technology, Data and Security division. The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF).

The Security Engagement and Advisory team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy. Key stakeholders within the division include the CIO, CDO, CRO, Enterprise Architecture and IT Governance. Other key stakeholders across the organisation will include the Business Divisions and the Project Management Office.

We maintain informal relationships with security teams at peer regulators and government agencies to learn from each other.

 

Key responsibilities

  • Lead internal stakeholder engagement with a focus on security as a business enabler

  • Provide timely, proactive and effective technical security advice to stakeholders

  • Lead technical streams on security projects as an SME on PSPF and ISM requirements, and general good security practices

  • Undertake security risk assessments, coordinate security assurance activities (e.g. external pen testing) and provide advice on risk management of assurance outcomes

  • Drive facilitation of the security assurance process and produce security documentation and artefacts to support security architecture and assurance

  • Collaborate with Enterprise Architecture and Solution Architects to co-develop security architecture plans and contribute to security architecture decisions

  • Lead the review of security requirements in third party contracts and third party security documentation to ensure APRA’s third parties are managing security within the government requirements, and contribute to new solution requirements and product selection analysis

  • Maintain knowledge on new technologies, and continuously refine and integrate security practices and documentation to help

  • Work closely with IT, legal, procurement, P&C, and business teams to ensure a cohesive and risk-managed security approach

  • Work closely with other security teams to ensure risks are identified, managed and documented

  • Communicate security risks and strategies to non-technical stakeholders

  • Actively contribute to improving the organisation’s security strategy, policies and procedures

 

About you

  • Significant experience in information security and within a principal security consulting, architecture or advisory role

  • Proven track record of developing and implementing security strategies, controls and policies

  • In-depth knowledge of Australian government security frameworks, standards, and best practices (i.e. PSPF, ISM and Essential 8)

  • Knowledge of architecture frameworks like TOGAF, SABSA and others

  • Working knowledge of a broad range of security technologies and tools (e.g., firewalls, intrusion detection systems, SIEM, privileged access management, multi-factor authentication)

  • Strong understanding of network security, application security, and cloud security

  • Strong risk management analysis and risk quantification skills

  • IRAP assessment, preparation and support is an advantage

  • Exceptional stakeholder engagement and relationship skills, highly adept in managing a diverse group of senior stakeholders and relationships

  • Highly developed executive communication, leadership, negotiation, conflict resolution and interpersonal skills and the ability to represent APRA’s view in a highly professional and sensitive manner. The ability to translate complex technical issues into plain language

To work with us you will need to be an Australian citizen and have the ability to gain a Security Clearance.

About APRA

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia’s financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system.

At APRA, we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process.


The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $6 trillion in assets for Australian depositors, policyholders and superannuation fund members.


APRA invests in contemporary technologies to enable our employees to achieve work-life balance via flexible working practices. We are dedicated to cultivating a diverse and inclusive workplace that fosters collaboration and continuous improvement.


APRA provides ongoing studies support, structured training programs and excellent career progression opportunities all within a highly professional environment.

APRA is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, age, or disability status.


To apply, please visit our Careers Page at www.apra.gov.au. For further information or assistance, please email talent@apra.gov.au. Please do not apply to this email address.
