AUSTRAC, Australia's financial intelligence agency, is evolving to strengthen its fight against money laundering and terrorism financing. As we expand our regulatory reach and broaden our digital transformation, this introduces new technologies and threats. We are now recruiting several, leadership positions to strengthen the agency's IT and Cyber Security function. These role offers a unique opportunity to help shape cyber security strategy and champion positive security culture across AUSTRAC. We're looking for strategic and people-focussed leaders to lead cross-functional IT teams in navigating an evolving threat landscape. You'll guide cross-functional teams and create an atmosphere where people feel empowered and encouraged to contribute their best ideas. If you embrace challenges diligently, passionate about leading teams in a collaborative environment, and eager to make a meaningful impact we encourage you to apply! This recruitment process will be used to fill both ongoing and non-ongoing vacancies and build a merit pool for future roles over the next 18 months. Director IT Security /IT Security Advisor (ITSA) EL2 The Director, IT Security / IT Security Advisor (ITSA) leads AUSTRAC's IT Security function, with direct responsibility for managing a small, high-performing information security team. The ITSA supports the delivery of the agency's cyber security strategy and ensures that security practices, systems, and advice are continuously improved and aligned with national standards and internal priorities. This position works closely with Executives and governance forums to uplift cyber maturity and deliver secure outcomes across the organisation. Key duties include: Providing operational leadership to AUSTRAC's IT Security team, setting direction, allocating priorities, and managing performance to ensure effective delivery of security services, compliance activities, and internal capability uplift. Providing high-level insights and trusted advice to executive leadership, translating complex cyber policy and risk matters into clear strategic impacts. Driving the ongoing development and refinement of security risk frameworks. Providing subject matter expertise on risk tolerance, control assurance, and compliance against relevant legislative, audit, and operational requirements. Representing the agency at inter-agency forums and with external partners, shaping whole-of-government discussions on security policy and aligning standards. Director Identity and Access Management (IDAM) EL2 The Director Identity & Access Management (IDAM) leads the IDAM function delivering the IDAM roadmap in alignment with AUSTRAC's Cybersecurity Strategy Roadmap and Implementation Plan. The role provides strategic leadership, technical oversight, and governance across enterprise identity, authentication, and authorisation services to safeguard AUSTRAC's systems and data. Key duties include: Providing operational leadership to AUSTRAC's Identity and Access Management Team, setting direction, allocating priorities, and managing performance to ensure effective delivery of identity and access management services, compliance activities, and internal capability uplift. Delivering the IDAM roadmap, milestones, and outcomes per the AUSTRAC Cybersecurity Strategy Roadmap and Implementation Plan, translating strategic objectives into actionable programs and projects with clear success measures, benefits, and risk controls Implementing and maintaining IDAM controls aligned to ISM/PSPF, Essential Eight, ISO 27001, and applicable privacy obligations including the management of identity related risks, assurance activities, and audit findings while driving continual control uplift, identity threat modelling, and identity detection/response in partnership with Cyber Operations. Partnering with business owners, product teams, and security stakeholders to embed identity requirements in change initiatives. Lead Analyst Operational Security EL1 The Lead Analyst, Security Advisory is a key member of the Technology Platforms and Solutions Operational Security team within the Innovation and Technology Solutions (ITS) branch. This position will collaborate with IT, business stakeholders, and senior leadership to ensure that the AUSTRAC ITS branch can meet the security policy requirements and support projects and operational teams in maintaining a strong security posture. Key duties include: Delivering security analytics, analysis, and audits across a broad range of security data sources. Maintaining a high awareness of external and insider threats and responding accordingly. Developing and maintaining Information Security policies, procedures, and other documentation to ensure effective storage, coverage, review, and sign-off. Leading Information Security projects and initiatives and conducting risk assessments for internal and external systems and applications, ensuring risk is managed accordingly. The key duties of the position include Key Capabilities for success: As an EL2 in the above roles at AUSTRAC you will be expected to demonstrate the following capabilities: Professional Expertise - Demonstrated experience leading the development and implementation of ICT security policies, frameworks, and governance practices aligned with PSPF, ISM, ISO 27001/2 and other relevant standards within complex ICT environments with a strong knowledge of Australian Government cyber security obligations, security risk management frameworks, and information security compliance requirements. Decide and Initiate Action - applies strong judgement to interpret cyber policy, regulation and threat information in sensitive or ambiguous contexts, providing meaningful direction to staff, clarifying priorities and supporting Executive-level decisions through timely, evidence-based recommendations. Resilience - maintains a strategic view of security challenges while managing competing demands and responding to scrutiny from stakeholders or oversight bodies. Persuade and influence - Understands organisational objectives and negotiates and influences from a position of authority and credibility, framing arguments persuasively to generate mutually beneficial solutions. Innovative - champions contemporary approaches to information security governance, proactively seeks ways to integrate risk-based thinking into business and digital decision-making and encouraging innovative ways to strengthen policy effectiveness and security maturity. Lead and Supervise - Provides vision and meaningful direction to employees, clarifies priorities, inspires employees to achieve their best and promotes a culture of wellbeing, integrity, professionalism and continuous learning. As an EL1 in the above role at AUSTRAC you will be expected to demonstrate the following capabilities: Professional Expertise - Demonstrated experience working in and understanding cyber security within a federal government context. Knowledge and/or experience working with Azure and AWS security frameworks, particularly with regards to PROTECTED environment and a strong understanding of security event analysis and network traffic/threat analysis. Technology - Implements and encourages work practices that support the efficient, effective and lawful use of technology. Works with employees to ensure compliance with information and communications security and use policies. Shows commitment to the use of existing technologies and ensures effective deployment of new technologies in the workplace. Communicate Effectively - clearly articulates the work area's views and position. Tailors communication and approach to audience and circumstances and ensures common understanding of issues. Delivers information in a manner that is accessible and relevant to the intended audience Innovative - Generates practical solutions to problems based on an understanding of the broader context of issues, and of the ramifications of decisions for the business area and stakeholders Plan and Organise - Demonstrates a strong commitment to meeting agreed work targets and standards. Recognises actual and potential barriers and finds effective ways to deal with them. Analysis - Applies sound research and analytical skills to complex policy, projects and issues in the workplace. Analysis issues from different perspectives and draws sound inferences from information available, including patterns, trends and opportunities. Shows sound understanding, critical analysis and reasoning skills in identifying and addressing complex and/or sensitive issues. Tertiary qualifications and Security Qualifications A security degree majoring in Information Security or an associated technical discipline and Security Certifications such as CompTIA Security, (ISC)² Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or CompTIA Advanced Security Practitioner (CASP) certification are highly desirable for the EL1 role.
