About the Role

Reporting to the CISO, this is a leadership role operating at the intersection of business strategy and technical execution. You will own and evolve Avant’s enterprise security architecture, ensuring our platforms are resilient against emerging threats while meeting regulatory obligations. From cloud and infrastructure to applications, identity, and AI, you’ll set the direction and ensure security is embedded everywhere. You’ll also play a key role in uplifting capability including mentoring teams, strengthening architecture practices, and embedding a shift-left security culture across engineering and delivery.

Key activities

Enterprise Security Strategy & Architecture
- Define and evolve Avant’s enterprise security architecture and technology roadmap
- Align security strategy to business outcomes, risk appetite, and regulatory requirements
- Establish standards, patterns, and reference architectures across all domains

Secure-by-Design & Capability Uplift
- Embed security early across the SDLC, CI/CD pipelines, and product design
- Lead threat modelling practices to identify risks early
- Build and uplift architecture capability, mentoring teams and driving best practice

Cloud, Infrastructure & Identity Security
- Oversee security design across cloud (AWS, Azure, GCP), hybrid, and on-prem environments
- Lead Identity & Access Management, endpoint protection, and network security strategies
- Guide adoption of modern approaches such as Zero Trust and AI-driven security

Risk, Governance & Compliance
- Ensure alignment with APRA standards (CPS 234, CPS 230) and other regulatory obligations
- Develop and embed threat risk assessment frameworks and processes
- Represent Information Security at governance forums and Architecture Review Boards

Thought Leadership & Innovation
- Maintain a forward-looking view on cyber threats, AI, and emerging technologies
- Evaluate and introduce new capabilities to strengthen Avant’s security posture
- Act as a trusted advisor to senior stakeholders across Technology and the business

Experience and skills required:
- Extensive experience in cybersecurity, including enterprise security architecture leadership
- Proven experience operating in APRA-regulated environments
- Deep expertise across multiple domains (e.g. Cloud, Identity, Zero Trust, AppSec, DevSecOps, AI)
- Strong experience designing scalable, enterprise-wide security architectures
- Commercial mindset in balancing risk, usability, and business outcomes
- Excellent stakeholder engagement, influencing, and communication skills
- Certifications (highly regarded): CISSP-ISSAP, SABSA, CISM, CCSP, TOGAF (or similar)
- Nice to have experience: healthcare, insurance or regulated industry background; exposure to AI security, cyber risk quantification or operational resilience (CPS 230)

About Avant

For over 130 years, Avant has stood by Australian medical professionals. As the nation's leading medical defence organisation, we represent 95,000 health practitioners and medical students, more than 52% of Australia's doctors. Join an organisation with purpose, one that genuinely exists to support its members and improve healthcare in Australia. You'll work with committed, passionate colleagues in an environment that values both rigour and collaboration.

For further information, please contact Sue Allen, Talent Acquisition Business Partner on 0429 404 856.