Australian Red Cross is seeking an experienced and dynamic individual to join their team as the Head of Information Security. Reporting to the CIO, the Head of Information Security is responsible for implementing and running the enterprise information security and compliance program. The scope of the role includes the management of security risks as it manifests in the areas of technology, operations and strategy.

Key Responsibilities

• Work with the CIO to develop and implement a security program and security projects that address identified risks and business security requirements.
• Consult with the broader organisation and government departments to deliver and maintain certifications against security frameworks
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
• Manage and coordinate operational components of incident management, including detection, response and reporting.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
• Manage security projects and provide expert guidance on security matters for other IT projects.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Experience

• Excellent verbal, written and interpersonal communication skills.
• Minimum of 10 years of experience in information security, including leadership roles
• Knowledge of & experience in developing & documenting security architecture & plans.
• Extensive experience in security analysis, auditing and management frameworks.
• Experience in application technology security testing (white box, black box and code review).
• Experience in system technology security testing (vulnerability scanning & pen testing).

Qualifications

Relevant tertiary qualifications, skills and experience in Information Security Management.

Desirable but not essential:

• ICS2 CISSP, CISM, CCSP
• ISACA Certified Information Security Manager
• Microsoft Security Architect, Administrator or Compliance certifications
• IAPP Certified Privacy Professional
• ISO/IEC 27001 Certification