Are you a hands-on security lead who loves solving real problems, uplifting capability, and driving meaningful impact? This is your chance to take ownership of an information security function inside a highly regulated financial services organisation that is genuinely investing in maturity, culture, and uplift.

Why This Role Matters

The organisation is rapidly maturing its information security capability and has recently redesigned its entire approach to third-party risk, governance and security operations. They now need a capable Security Lead who can help turn strategy into reality, someone who thrives on rolling up their sleeves while bringing others on the journey.

You’ll be the calming, pragmatic centre of the security function: guiding a small team, collaborating with Technology and Risk leaders, and ensuring security controls are executed consistently across the business.

A Day in the Life of :

- Oversee day-to-day information security operations and activity.
- Drive uplift in CPS 234 compliance and security maturity.
- Implement the new Service Provider Security Assessment process.
- Lead work on the Information Asset Register and associated governance.
- Coordinate and coach a small security team, breaking down silos and promoting cross-skilling.
- Act as an escalation point for security incidents (with light-touch out-of-hours expectations).
- Support internal and external audit activity.
- Partner with Technology, Risk & Compliance, and external security vendors.
- Contribute to RFP/RFQ processes and broader security strategy.
- Help uplift security awareness and culture across the organisation.

This is a role with both depth and influence, perfect for someone who wants to shape how security is done, not just follow a script.

Must-Have Experience

- Strong hands-on experience in information security operations or governance.
- Background in a regulated environment (financial services preferred, health acceptable).
- Familiarity with APRA CPS 234, ISO 27001, or equivalent frameworks.
- Experience coordinating or leading small technical teams/huddles.
- Exposure to vendor security assessments and third-party risk.
- The ability to guide, coach, and influence others across tech and business teams.

Nice to Have

- Experience contributing to RFP/RFQ processes.
- Industry certifications (CISM, CISSP, CRISC, etc.).
- Previous involvement in security culture uplift initiatives.

Ready to Apply?

If you’re a security professional who loves the combination of leadership, technical depth and tangible impact, and you want to build something meaningful rather than maintain what’s already there, we’d love to hear from you.

Apply now or reach out to Laura Frazer for a confidential chat on 1300 920 921