Job Title
Information Security Officer
Job Description Summary
We are seeking an experienced Client IT Security Manager to lead the ongoing management and enhancement of our Information Security Management System (ISMS) in alignment with ISO 27001, IRAP, and Australian Government security requirements. In this key role, you will oversee audits, risk management, compliance activities, and security governance across our client‑facing environments.
Job Description
Key Responsibilities
ISO 27001 Responsibilities
Own and maintain the Australia ISMS, including documentation and review schedules.
Manage ISO 27001 audits and implement corrective actions.
Lead biannual ISMS management reviews and annual internal audits.
Oversee quarterly control monitoring and maintain compliance and risk registers.
Coordinate local vendor risk assessments and ensure alignment with global standards.
Support incident management, BCP planning, and ISMS testing.
Conduct regular security and physical checks.
Oversee data retention and deletion in line with regulations.
Provide quarterly leadership reports and manage ISMS communications.
Participate in global policy and standard review.
IRAP Responsibilities
Define assessment boundaries and scope based on Australian government services.
Maintain compliance with Authority to Operate (ATO) requirements, assessing risks for any deviations.
Review documentation and controls per the Australian Government Information Security Manual (ISM).
Ensure alignment with ASD’s IRAP Common Assessment Framework.
Develop and update required security artifacts (e.g., System Security Plan, Statement of Applicability, Security Risk Management Plan).
Oversee technical configuration reviews, evidence collection, and IRAP assessment reporting.
Document and address residual risks.
Additional Responsibilities
Work with application owners on vulnerability remediation and reporting.
Manage cyber security incident notification and communication between internal teams and clients.
Support local IT and service line teams with compliance requirements, client tender submissions, and audit requests.
Participate in client security audits and support document requests to meet the auditors' timelines.
Required Skills & Experience
Strong knowledge of ISO 27001, IRAP, and Australian Government ISM.
Experience in risk management, audit coordination, and compliance within multinational or regulated environments.
Excellent communication, stakeholder management, and leadership.
Skilled at managing multiple priorities and collaborating across teams.
Preferred certifications: CISM, CISSP, ISO 27001 Lead Implementer/Auditor.
Strong team-building and relationship skills, especially during change.
Ability to align business goals with partners.
Familiar with risk assessment, IT policies, standards, and training.
Broad IT expertise (e.g., distributed computing, networks, financial applications, security, business recovery).
5–7+ years in IT Risk and/or IT Audit.
If you’re ready to take ownership of a critical security function and work collaboratively across a global organisation, we’d love to hear from you.