Hey there, Cyber Security professionals. Fancy being at the helm of a cyber team that you can shape? Does your skillset walk the line between technical and compliance? Have you been on the tools but you’re ready to move into management? Want to make a genuine difference in a community?
You might like this one if your head was nodding or you found yourself saying “yes” to any of the above.
Before jumping into the role itself, you want to know what’s in it for you, so below are some of the things you’ll receive, and can expect, in this permanent role in Western Melbourne.
- You’ll earn a base salary of up to $124k (super atop this), aligned with your experience.
- You’ll work a 9-day fortnight, with a regular RDO every 2 weeks.
- You’ll enjoy a hybrid working model, currently 2 days in office each week.
- You’ll receive free on-site parking. For some, this’ll be a life saver!
- You’ll cop wellbeing days to spend… well, however you like. Massage? Pilates? Sleep in? Long weekend? You get the idea.
- You’ll get to recruit your 2nd report as soon as you step into the role – shape your own team from literally day-1.
- You’re going to be working with an excellent Manager. This is purely subjective, we get it, but if you get along with warm people with senses of humour, and the drive to genuinely do good work, you’ll probably like who you’ll report to.
- You’ll be joining an organisation that genuinely encourages better ways of working. Got an idea? Do it. Did it succeed? Great! Did it fail? No worries, dust yourself off and try again, as Aaliyah sagely tells us.
So, what will you be stepping into, and what will you be doing in this brand-new role? Simply put, you’ll be leading a small security function, in step with your manager. You’ll be directly managing 1 report (an eyes-on-glass type Cyber Security Analyst), and very quickly, you’ll be tasked with hiring your 2nd report (in the Application Security space).
You’ll be backing up the Security Analyst and filling gaps on the tools when needed, so you’ll need to be savvy with the keyboard at your fingertips but don’t stress; you won’t be on the tools every day. This organisation runs the Microsoft stack, so if you’ve used tools like Sentinel and Defender, great!
Tools and tech aside, you’ll be getting involved with the broader cyber GRC piece, which will take up around 70% of your time. The other 30% will be tech focused.
What are some of the first things you’ll tackle in this role? You know, you’ve got your feet under the desk, know where the kitchen and bathroom are, met your colleagues and… now what?
- You’ll establish an on-call roster for the team.
- You’ll start recruiting for the aforementioned AppSec role.
- You’ll get stuck into a VPDSS program, implementing required controls.
- You’ll support a Business Transformation project, from a cyber point of view.
- You’ll maintain the existing momentum with a vendor risk assessment program.
On the on-call side of things, let’s clarify that at times, you’ll have things to do outside business hours. Sometimes planned, sometimes unplanned, but please rest assured that it’s not regular. The on-call roster is simply a mechanism to determine who responds to things like incidents and breaches if they occur, which we all know can be a reality in the cyber landscape.
That said, you’ll cop an on-call allowance of $175 / week. Rest assured you ain’t doing this for free.
That’s some of the immediate, shorter-term stuff, but how about the long-term objectives of this role? Over time, what will you be contributing to? Generally, your longer-term work will focus on maintaining and realigning the Infosec roadmap which includes a whole host of things like:
- Undertaking phishing simulations.
- Performing an Essential 8 maturity assessment.
- Improving the incident response plan (inc. some tabletop simulations).
- Conducting remediations after external pen tests have been performed.
- Policy reviews (from organisational and people, to systems and technical).
- Making certain the vulnerability management process is working as intended.
It goes without saying that in a role like this, you’ll be mixing and mingling with many a stakeholder. People in which areas/functions, precisely? How about IT, the CIO, Governance, Enterprise Architecture, Procurement, Risk, Privacy, Project Management and many others. Point is, you need to play nice with others, so a good attitude is a must.
To succeed in a role like this, what will you need? Let’s start by saying that this is something of a Goldilocks zone role. It won’t suit someone at the very start of their career as demonstrable experience is certainly required, and it wouldn’t likely suit an individual who’s been there and done that for many, many years.
So, can you point to a solid technical background and a bit of leadership/management experience, but you’re ready to step into a focused leadership role? This might be for you.
Some cyber compliance / GRC experience is required for this role as that piece will be the majority of your focus. VPDSS is the name of the game here, but if you can point to traversing ISO27001, NIST, or other relevant cyber frameworks, all good. No doubt what you’ve done in those spaces can translate to VPDSS.
The team currently work 2-days per week in the office, which is located in Melbourne’s western suburbs, +/- a 30 min drive from the CBD. We understand driving to Melbourne’s west isn’t everyone’s cup of tea so you’ll need to be happy with that arrangement but hey, you will have free parking.
It’s worth clarifying that you don’t need to be an Australian citizen for this role (being on a visa is fine), but you will need unlimited Aussie work rights. No sponsorship is available and those outside Australia can’t be considered, unfortunately.
So, let’s recap. If you can point to experience in the following, this could well be an excellent role to sink your teeth into and really make your mark.
- Cyber compliance / GRC experience (VPDSS preferable, but exposure to NIST, ISO27k, E8, PCI-DSS or other frameworks could transfer to this role).
- Technical experience administering and securing many different tools and systems (experience with the Microsoft stack would be well received).
- Some managerial or leadership experience, but rest assured you don’t need to be the finished managerial article (have you guided junior team members before, or set rosters, assigned work, acted as an escalation point, “owned” a tool or small function, etc.?).
If any of this has piqued your interest, please consider applying. There’s much more information – technical and contextual – that can be shared with you on a confidential basis which may help you decide if this is the job for you.
HOW TO APPLY
Please know that any application you make is treated with utter confidentiality. The only people who will know you’ve applied are you & me. Reach out, and let’s chat about what you want.
Click APPLY and/or contact Michael directly on mpearman@decipherbureau.com for a 100% confidential, informal conversation where your privacy will absolutely be respected.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.