OUR VALUE PROPOSITION

At RSM, our purpose is to instill confidence in a world of change for both our clients and our people. RSM Australia supports a people-centric and collaborative culture where we are committed to empowering and developing you. As a leading professional services firm, we connect you to an extensive network of global resources and invest in your future. We value the meaningful work that you do and encourage you to be a part of the change.

Our value proposition is our commitment to you; it highlights the experiences, benefits, and value that you can expect as part of RSM. This is underpinned by our three values: integrity in everything that we do, supporting clients everywhere, and developing and valuing everyone.

Who we are:

RSM Australia is a member of RSM, the world's 6th largest network of audit, tax and consulting firms. We are an award-winning professional services firm with over 100 years' experience supporting Australian businesses. We believe in putting people first and we are proud to have developed a work culture that fosters growth, collaboration and success.

Role: Information Security & Privacy Lead
Location: Melbourne (preferred), Sydney, Perth or Brisbane

About the role:

Lead the maturity of Information Security Governance and Privacy across the Firm.

RSM is seeking a highly capable Information Security & Privacy Lead to drive firm-wide uplift in governance, risk, compliance, and privacy practice. In this pivotal role, you'll operate and continuously improve our ISO 27001-aligned ISMS, manage the security risk register, embed Privacy-by-Design into business processes, and deliver integrated, board-level insights that strengthen organisational trust and resilience. You'll work closely with technology, legal, HR, marketing, business units, auditors, and regulators, serving as the central authority who ensures security and privacy obligations are consistently understood, executed, and evidenced.

This role provides unified leadership across GRC and Privacy, shifting the firm from person-dependency to repeatable, mature, auditable practices. You'll own the security risk methodology, uplift third-party risk management, deliver audit-ready evidence, run security and privacy awareness programs, and publish KPI/KRI dashboards that inform executives and the Board. As a trusted advisor, you'll embed secure and privacy-aware behaviours across day-to-day operations, projects, and strategic initiatives.

Key Responsibilities

Governance, Risk & Compliance Leadership
- Operate and continuously improve the Firm's ISO 27001-aligned ISMS, ensuring policies, controls, and exceptions remain audit-ready.
- Own and drive the enterprise security risk register, including risk identification, assessment, treatment, and executive reporting.
- Lead audit and assurance readiness, including evidence packs, walkthroughs, corrective actions, and regulator/auditor engagement.

Privacy Leadership
- Institutionalise Privacy-by-Design, lead Privacy Impact Assessments (PIAs), and guide the business through its obligations and OAIC notifications when required.
- Support incident response for privacy breaches, partnering with Legal and P&C to manage communication and remediation.

Third-Party & Client Assurance
- Lead third-party risk management, including due diligence, contractual controls, remediation, and implementation of the vendor risk platform.
- Respond to client and regulatory security/privacy requests with clarity, consistency, and confidence.

Culture, Awareness & Leadership
- Develop and deliver integrated security and privacy awareness programs, including role-based training with measurable outcomes.
- Foster a positive, security-and-privacy-conscious culture across the firm through stakeholder engagement and clear communication.

Executive & Board Reporting
- Maintain and publish KPI/KRI dashboards covering risk, compliance, privacy and cultural uplift, enabling senior leaders to make informed, risk-based decisions.
- Provide concise, data-driven insights on trends, maturity, and emerging obligations.

About you:

Essential Requirements
- Relevant tertiary qualification and/or equivalent experience.
- Formal training or certification in privacy management, risk management (e.g., ISO 31000) or frameworks such as ISO 27001, Privacy-by-Design, or ISO 22301.
- Proven experience operating an ISO 27001-aligned ISMS and leading policy, control, and audit readiness activities.
- Demonstrated experience managing enterprise security risks and third-party risk programs.
- Experience leading PIAs and Privacy-by-Design, and responding to privacy incidents and notifications.
- Strong communication skills with experience advising stakeholders and responding to client/regulator queries.
- Experience designing or maintaining KPI/KRI dashboards (e.g., Power BI, Tableau, GRC tools).

Desirable
- Certifications such as CISM, CISSP, CISA, CIPM or CIPP.
- Experience in professional services or highly regulated sectors.
- Experience implementing third-party risk management platforms (e.g., OneTrust).
- Background in security or privacy transformation/uplift programs.
- Experience building integrated board reporting for security and privacy.

Passionate about governance, risk, compliance, and privacy? If you want to lead a function that truly matters, we'd love to hear from you. Apply now!

Eligibility to work permanently in Australia is required for this role. Unfortunately, visa sponsorship is not available for this opportunity.

Life at RSM:

RSM provides a great environment to build skills and confidence, and we help our people achieve their best. We are trusted advisors to our clients, so it is critical for us to find the right people for the job on offer. Our network of offices across Australia and around the world allows us to offer a personal service to all our clients regardless of where they are! Working for RSM entitles everyone to a wide range of leading health, wellness, financial and lifestyle benefits.

How to apply:

Please click on the "apply" button and complete our online application form.

Agencies, thank you for thinking of us, but our recruitment is managed internally, and we will reach out to our preferred suppliers if we need assistance.