Senior Security Advisor

The role

The Senior Security Advisor is a specialist position responsible for leading and overseeing the organisation's security advisory and assurance. This role involves providing expert guidance on security matters, and ensuring the protection of the organisation's assets, information, and personnel; and ensures that APRA fulfils its obligations for security assurance, management of third parties and security control design and implementation. The Senior Security Advisor works closely with IT teams, and other stakeholders to create a secure and resilient environment.

The team

APRA is embarking on an ambitious program of change incorporating cloud, data, digital and security initiatives. This has created the opportunity to join a small but growing Security team which sits within the Technology, Data and Security division. The Security team manages cyber, information and personnel security aligning with the Protective Security Policy Framework (PSPF).

The Security Engagement and Advisory team works in a highly collaborative manner with a wide range of stakeholders at all levels of the organisation to develop, communicate and implement the security strategy. Key stakeholders include the CIO, CDO, CRO, Enterprise Architecture and IT Governance. Other key stakeholders across the organisation will include the Business Divisions and the Project Management Office.

We maintain informal relationships with security teams at peer regulators and government agencies to learn from each other.

Key responsibilities

• Facilitate internal stakeholder engagement with a focus on security as a business enabler

• Provide timely, proactive and effective technical security advice to stakeholders

• Contribute as an SME to technical streams on security projects as an SME on PSPF and ISM requirements, and general good security practices

• Contribute to the integration of security practices into secure by design processes

• Undertake security reviews, risk assessments, coordinate security assurance activities (e.g. external pen testing) and provide advice on risk management of assurance outcomes

• Design comprehensive security architectures and create detailed documentation and artefacts to support both security architecture and assurance initiatives

• Review security requirements in third party contracts and third-party security documentation to ensure ARPA’s third parties are managing security within the government requirements, and contribute to new solution requirements and product selection analysis

• Collaborate closely with Enterprise and Solution Architects to develop reusable security patterns and contribute to security architecture decisions

• Work closely with IT, Data, legal, procurement, P&C, and business teams to ensure a cohesive and risk-managed security approach

• Work closely with other security teams to ensure risks are identified, managed and documented

• Communicate security risks and strategies to non-technical stakeholders

• Actively contribute to improving the organisation’s security strategy, policies and procedures

• Proactively contribute to team activities and documentation

About you

• Demonstrated experience in information security and practiced in a senior security consulting, architecture or advisory role

• Proven track record of developing and implementing security strategies, controls and policies

• In-depth knowledge of Australian government security frameworks, standards, and best practices (i.e. PSPF, ISM and Essential 8)

• Working knowledge of a broad range of security technologies and tools (e.g., firewalls, intrusion detection systems, SIEM, privileged access management, multi-factor authentication)

• Strong understanding of network security, application security, and cloud security

• Strong risk management analysis and risk quantification skills

• IRAP assessment, preparation and support is an advantage:

• Well-developed stakeholder engagement and relationship skills, good in managing a diverse group of senior stakeholders and relationships

• Developed executive communication, leadership, negotiation, conflict resolution and interpersonal skills and the ability to represent APRA’s view in a highly professional and sensitive manner.

To work with us you need to be an Australian Citizen and have the ability to gain a Security Clearance. 

About APRA

Australian Prudential Regulation Authority (APRA) was established in 1998 as an independent statutory authority that supervises almost 1,200 financial institutions that manage $8.6 trillion in assets for Australians across the banking, insurance and superannuation sectors.

In overseeing the safety, competitiveness and stability of the financial system, we seek to recruit, develop and retain highly skilled professionals, who want to help shape financial services and protect the financial wellbeing of the Australian community. Our employee base of almost 900 come predominantly from the commercial financial services industry or other government agencies; as such, we have the feel of a small corporate organisation that can work flexibly and with agility.

At APRA, we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. If you need any adjustments during the recruitment process, please inform at application stage so we can do our best to accommodate your requirements.