Strategic Cyber Governance Lead Principal
Telstra - Sydney, Australia
Job Description

Employment Type: Permanent
Closing Date: 19 Feb :59pm
Job Title: Strategic Cyber Governance Lead Principal

Job Summary
This role drives alignment between cyber oversight and governance, supply chain security, enterprise risk management, and strategic objectives, providing actionable insights and reporting to senior management stakeholders. The position ensures the organisation meets cyber obligations under the Security of Critical Infrastructure (SOCI) Act, PCI DSS, ISO 27001, and cyber remediation and partner security assurance frameworks.

Key Responsibilities:
- Contribute to the development and implementation of the organisation's cyber governance, risk, and compliance (GRC) framework in alignment with business strategy and regulatory requirements.
- Drive improvements in the maturity of supply chain security processes and enabling technologies.
- Execute and continuously improve compliance monitoring programs.
- Work across teams, mentoring and developing staff, and act as 2IC to a senior leader in the COE.
- Assist with compliance programs for SOCI, PCI DSS, ISO 27001, FAIR and other relevant cyber security policies, standards and frameworks.
- Contribute to and deliver regular cyber risk quantification, maturity, and compliance reports to the senior leadership team and Board, translating technical risk into strategic business context.
- Coordinate enterprise-wide cyber governance initiatives, including policy development, control frameworks, and assurance activities.
- Collaborate with internal stakeholders and external partners to assess third-party and supply chain security governance practices.
- Maintain visibility over the legislative and regulatory landscape, advising leadership on emerging obligations and best-practice improvements.
- Drive a culture of accountability and continuous improvement in cyber risk management through effective communication, training, and stakeholder engagement.

About you:
You're a strategic thinker with deep security expertise and a collaborative mindset. You thrive in cross-functional environments and are passionate about building a strong security culture.

Key Requirements for Success in This Role

Extensive Cyber Security Experience
To excel in this position, you must bring substantial and up-to-date experience in cyber security. This includes a proven track record in leading a cyber risk program, demonstrating your capability to manage and drive security initiatives at an organisational level.

Expertise in Governance, Risk, and Compliance Frameworks
A deep understanding of third-party security, as well as cyber governance, risk, and compliance frameworks, is essential. This includes comprehensive knowledge of standards such as ISO 27001, NIST Cybersecurity Framework (CSF), PCI DSS, and the FAIR model. Experience with legislative compliance, ISO 27001 certification, and managing partner or supplier cyber assurance programs is also required.

Business-Focused Communication Skills
A strong ability to translate complex technical and regulatory requirements into clear, business-relevant insights is critical. This skill is particularly important when preparing reports and presentations for executive and board-level audiences.

Leadership in Security Policy and Assurance
You must be able to guide the development and implementation of security policies, control frameworks, and assurance processes across large or complex organisations. This includes excellent written and verbal communication abilities, especially in the context of board reporting, governance documentation, and managing relationships with stakeholders.

Current Knowledge and Technical Proficiency
An up-to-date understanding of the evolving cyber security threat landscape is necessary, along with familiarity with quality management and information security standards such as NIST, ISO 27001, ASD, and the Security of Critical Infrastructure (SOCI) Act. You should possess technical, theoretical, and practical knowledge of cyber security, as well as experience in ICT and network security risk management.

Qualifications and Certifications
The role requires either a relevant university-level qualification, industry-recognised training, appropriate certifications, or equivalent practical experience. An audit qualification, such as CISA or ISO Lead Auditor, is viewed favourably.

Presentation and Stakeholder Engagement
You must demonstrate the ability to deliver confident and assured presentations to a range of audiences, including senior management, with a mix of technical and non-technical stakeholders. A collaborative, team-first approach to personnel management and task execution is highly valued.

Critical Thinking and Independence
Well-developed critical thinking skills are essential, as is the ability to work independently. You should consistently demonstrate reliability, self-motivation, and the ability to motivate your team.

Additional Experience and Attributes
- Proven experience leading teams.
- Experience in Federal and State Government cyber security, risk, and compliance is advantageous.
- Proactive, resilient, and able to maintain productivity under pressure.
- Broad knowledge across a variety of compliance frameworks.
- Familiarity with Telstra's Cyber Control frameworks.
- Understanding of Australian cyber laws and standards.
Created: 2026-02-13