Job Title: Cyber and Information Security Lead

Location: Sydney CBD (Hybrid Work - 3 days in the office, 2 days WFH)

About the Role

We are seeking a highly motivated and technically skilled Cyber and Information Security Lead to join a fast-growing, innovative organisation. This role is perfect for someone with a strong background in security architecture and consulting, who is comfortable balancing high-level strategy with hands-on operational tasks.

You will be responsible for managing and improving the company's information security practices, ensuring compliance with standards, mitigating risks, and responding to external due diligence requests. This position offers the opportunity to work closely with senior stakeholders and make a tangible impact within a dynamic, technology-driven environment.

Key Responsibilities:

Security Operations:

• Manage security events and alerts via Microsoft Sentinel/Defender.
• Update Sentinel rules and adapt playbooks and automations.

Compliance & Certification:

• Maintain and enforce IT security policies (ISO27001-based) and lead efforts to achieve ISO27001 certification.
• Ensure compliance with Azure security policies and identify vulnerabilities.

Threat and Vulnerability Management:

• Prioritise and remediate vulnerabilities across applications, servers, devices, and databases.

IT Change and Risk Management:

• Review IT change management processes, assess solution design risks, and oversee governance.

Information Protection & Access Control:

• Classify and protect sensitive data to mitigate risk.
• Review and optimize logical and physical access controls.

Third-Party and Asset Management:

• Assess IT supplier contracts and manage third-party risks.
• Ensure lifecycle management and inventory compliance for IT assets.

Stakeholder Collaboration:

• Collaborate with engineering, IT, and business teams to support secure system development.
• Respond to client and partner due diligence requests regarding security readiness.

Essential Skills and Experience:

• Proven experience in cyber and information security risk management, including threat detection, vulnerability assessment, and mitigation strategies.
• Expertise with Microsoft Azure security tools (Defender, Sentinel) and hands-on technical knowledge.
• Strong background in security architecture and operational tasks, including SOC operations.
• Ability to navigate both strategic and operational responsibilities in a fast-paced environment.

Advantageous Experience:

• Familiarity with insurance industry standards and regulations.
• Strong technical acumen, aligning with an engineering-driven organisational culture.

Why Join?

• Dynamic Work Environment: Collaborate with a talented team in a hybrid work setup (3 days in office, 2 days WFH).
• Impactful Role: Shape and implement security practices in a growing and innovative organisation.
• Growth Opportunities: Be part of an evolving business with opportunities for personal and professional development.

If you are passionate about cyber and information security and are ready to make an impact, apply now with your updated CV!

Note: This is a permanent role. Applicants must have full working rights in Australia.