Information Security Officer

Who are we?
It’s an exciting time to join our organisation! On 1 March 2023, two of Australia’s most successful member-owned banking organisations merged, to form Heritage and People’s Choice – Australia’s leading mutual banking organisation and a genuine, member-owned alternative to the major banks. 

We exist to create a better future for our members and the communities in which they live. 

We are 100% member owned, with approximately 720,000 members and 1,900 employees.  We have dual head offices in Adelaide and Toowoomba, and 95 branches across South Australia, Victoria, New South Wales, Queensland and the Northern Territory, trading under two brands, Heritage Bank and People’s Choice. 

When you come to work at Heritage and People’s Choice, you’ll be joining a team of inclusive, friendly, and motivated employees who value making a difference every day for our members, community, and the planet. We are committed to creating an outstanding working environment where you feel supported, can continue to develop and are proud advocates of our members and our business.

About the role:
As an Information Security Officer you will manage, support and coordinate Information Security (IS) risks, programs and initiatives for the Bank. You will also assist in managing and maintaining the Bank’s Information Security Policy, Governance, Risk and Compliance function.

• Support in developing strategies and action plans to drive control maturity improvements in areas where controls do not adequately mitigate risks.
• Partner with IT and other business areas to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise security risk.
• Manage the 3rd party’s IS risk assessments process to ensure risk transparency and business acceptance, contractual obligations, due diligence assessments and enable risk-based decision making to support the Bank’s regulatory and compliance obligations.
• Developing, updating and providing an effective reporting (framework) for the Head of TISR on a frequent basis. The reporting may be used for the Board, Senior Executive Group and/or other key stake holders.
• Develop, document, and assess measures, metrics, and internal controls related to IS/Cyber security assessments and acceptance.
• Support the Head of TISR in establishing annual and long-term goals, defining risk and governance strategies, metrics, and reporting mechanisms.

About You:
You will have the ability to effectively communicate with stakeholders at various levels within the organisation, alongside this you will also have excellent problem solving abilities and analytical skills. You can see the bigger picture with high attention to the critical details. 

• Bachelor’s degree in Computer Science or related discipline or equivalent work experience
• One of the following information security certifications preferred: CISSP, CISM, CRISC, CGEIT, CISA or Equivalent
• Minimum 5 years in Information Technology with 2 years of information and cyber security relevant experience
• Knowledge of Information Security concepts including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
• Thorough understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
• Knowledge of Information Security related frameworks such as, ISO 27001, NIST 800-53, NIST Cyber Security Framework, Cobit.
• Preferred knowledge of Prudential Standards CPS231, CPS232, CPS234, CPS235
• Experience with the use of GRC systems such as RSA Archer and ServiceNow.

We embrace flexible ways of working for the successful candidate. Our teams can be based in either our Toowoomba office, Brisbane office, Adelaide office or hybrid work options available.

Benefits of working for us   
We believe the little extras can make a big difference in supporting your success. That’s why we offer great incentives and benefits including: 

• Paid parental leave and special leave provisions 
• Flexibility and hybrid working arrangements 
• Employee banking benefits and discounted insurances 
• Work from anywhere philosophy with the flexibility to work from home or in the office 
• Career development opportunities, and ongoing training, coaching and support 
• A dedicated Employee Assistance Program for you and your family to access in times of need 
• Paid volunteering days and access to a diverse range of community and charitable initiatives 

If you are ready to join a supportive team who are passionate about the work they do and the results they achieve, then click ‘Apply’ now and submit your application, including a cover letter and current resume.

We are committed to diversity and inclusion and support candidate requests for adjustments to accommodate disability, illness or injury, to enable everyone to equitably participate in our selection process.

If you would like more information, please email the Talent Acquisition Team on [email protected]