About the role

We are seeking an experienced Cybersecurity Program Manager to lead and deliver enterprise-wide security initiatives across our Critical Infrastructure company. This role will oversee a portfolio of cyber programs spanning IT and OT (Operational Technology) environments. You will work closely with technology, risk, and business stakeholders to strengthen cyber resilience, meet regulatory obligations, and drive secure digital transformation across the customer organisation.

Key responsibilities

- Lead the planning, governance, and delivery of cybersecurity programs and projects across IT and OT environments.
- Roll out a multi-year cybersecurity roadmap aligned to business strategy and regulatory requirements in the Australian energy sector.
- Manage program budgets, timelines, risks, dependencies, and vendor engagements.
- Establish program governance, reporting, and executive dashboards for senior leadership and board-level stakeholders.
- Coordinate cross-functional teams, including security architecture, infrastructure, cloud, applications, and operational technology teams.
- Drive implementation of security frameworks such as ISO 27001, NIST CSF, Essential Eight, and IEC 62443 for industrial control systems.
- Lead cyber risk assessments and remediation programs across enterprise and operational environments.

Required experience & skills

- 10 years' experience, with at least 3–5 years in cyber security program or portfolio management roles.
- Proven experience delivering complex cybersecurity initiatives in energy, utilities, critical infrastructure, or industrial environments.
- Understanding of both IT and OT security (SCADA, ICS, network segmentation, etc.).
- Excellent stakeholder management and communication skills, including executive-level reporting.
- Experience working with global delivery teams.
- Experience managing vendors, managed security services, and large transformation programs.
- Strong risk management and governance capabilities.

Desirable qualifications

- Experience in the Australian energy or utilities sector.
- Certifications such as CISSP, CISM, CRISC, PMP, PRINCE2, or equivalent.
- Experience with regulatory compliance and security frameworks relevant to Australia.
- Knowledge of cloud security (Azure), identity security, and zero-trust architectures.
- Knowledge of Australian regulatory and industry obligations (e.g., SOCI Act, AER/AEMO guidance, privacy and critical infrastructure requirements).