What success looks like in this role:
Security, Data Protection & Compliance Leadership
- Lead IT security, information & data security, and compliance functions
- Establish and maintain policies, standards, and frameworks
- Ensure alignment with ISO 27001 and Australian regulations (CPS 230
Risk Management & Governance
- Own and maintain IT and data risk register
- Maintain risk governance framework
- Identify opportunities for risk mitigation, scope uplift initiatives, present justification to UMP leadership and manage their delivery.
Security, Risk & Compliance Reporting
- Develop monthly governance reports covering security posture, risks, and compliance gaps
- Keep abreast of global information/data security threats/events
- Present insights and improvement opportunities to leadership and in governance forums.
Security Operations & Tooling
- Oversee SIEM/SOC, DLP, PAM, endpoint and network security, identifying opportunities for uplift and proactively addressing them.
- Proactively monitor and manage vulnerabilities across applications and infrastructure.
Platform & Infrastructure Security
- Secure HCI, virtualisation, Windows and Linux environments
- Establish standards and guidelines for infrastructure components for hardening and secure configuration.
- Provide guidance and planning input for scoping and delivering penetration tests by third party partners of UMP.
- Review change requests from a security and compliance perspective.
- Establish standards for network security, and monitor them.
Data Security & Privacy
- Define data classification, handling, retention, and protection standards
- Oversee encryption, masking, and DLP controls
API & Application Security
- Enforce API security standards
- Promote OWASP-aligned DevSecOps practices, incorporating those principles during design and reviewing scanning results to monitor compliance.
Regulatory & Audit Management
- Ensure compliance with Australian regulations
- Lead audits and maintain audit readiness
Governance & Stakeholder Engagement
- Chair security governance forums
- Contribute to security and vulnerability reporting
- Contribute to risk control framework
- Present risk and compliance insights
You will be successful in this role if you have:
Skills & Experience
- 10+ years risk, security and compliance experience
- Managing technology risk and compliance (ISO 27001/2)
- Knowledge of secure applications development standards and policies including DevSecOps (OWASP)
- Infrastructure security standards, policies and tools (Qualys/Tenable, Crowdstrike, TUFIN)
- Network zones, segregation and firewall rule standards
- Extensive knowledge of operational security and risk management for financial services delivery such as AML/CTF.
- Data protection and security standards, policies and procedures
- IAM, UAM, PAM
Qualifications
- Bachelor’s or Master’s degree preferably in technology/business from a reputable University
- Certifications in security, compliance, risk management.
Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.
Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.
If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com. US job seekers can find more information about Unisys’ EEO commitment here.