Head of Security Risk & Governance

Job Description

Monday, 3 February 2025 Are you looking for an awesome place to work, where you can proudly be your authentic self, and be part of #oneteam? We are looking for a passionate team player who aligns with our values and culture, takes pride in their unique contributions, and can challenge the status quo with disruptive thinking. If this sounds like you, come and join us! The Opportunity We have an exciting opportunity to join Vocus as The Head of Security Risk and Governance in our team in either Melbourne, Perth or Sydney office. This role will provide strategic direction and authoritative oversight of Vocus’ security governance, risk and compliance (GRC) functions. The role ensures that Vocus security policies, controls, and risk practices remain robust, transparent, and responsive to evolving regulatory, compliance, and threat landscapes. What you’ll be doing day-to-day By harmonising strategic priorities with established frameworks and embedding risk reporting, awareness and accountability into decision-making processes, the Head of Security Risk and Governance strengthens our internal security risk management practices, ensures public trust through the management of audits, enhances market credibility by maintaining our accreditations, and upholds Vocus’ values. This position is also accountable for Vocus’ physical security in conjunction with facilities and network operations, and personnel security including the management of clearance holders in support of our Defence Industry Security Partnership (DISP) accreditation. This position will foster a high-performance culture of ethical leadership and continuous improvement, influence key stakeholders, lead security GRC reporting and build Vocus’ capability to support sustainable, risk-informed business outcomes. This role may require occasional after-hours engagement to manage emerging incidents or compliance deadlines. It also has potential interstate or international travel to liaise with regulators, auditors, and industry networks. This role operates within a complex, matrixed environment that demands agility, cross-functional collaboration, and alignment with broader strategic initiatives. What you’ll bring to this role Demonstrated experience in shaping and maintaining integrated security risk management, compliance and governance frameworks, ensuring alignment with organisational priorities, regulatory requirements, and industry standards. Expert knowledge of relevant regulatory and compliance frameworks, including NIST, ISO27001:2022, DISP, ISM, PCI-DSS and PSPF; and the ability to adapt strategies in response to evolving legislative and industry landscapes. Proven ability to lead large-scale, cross-functional initiatives that drive secure-by-design principles, policy optimisation, and effective control implementation. A track record of fostering a risk-aware culture, embedding systematic risk assessment, scenario planning, and clear reporting into critical decision-making processes. Evidence of strong stakeholder engagement, influencing senior executives, legal, compliance, audit, and finance teams to support well-informed and transparent governance outcomes. Advanced analytical and problem-solving capabilities, with the capacity to interpret complex data, metrics, and reports to inform strategic actions; as well as the ability to drive management, board and operational reporting. Strong communication, negotiation, and influencing skills to build trust and collaboration across diverse teams and functional areas. Demonstrated proficiency in policy development, security control optimisation, and risk assessment methodologies, combined with the capability to translate findings into actionable recommendations. Able to lead internal and external audits and ensure that any findings are implemented. Demonstrated capability to lead, mentor and build high performance teams. Familiarity with enterprise risk management tools, GRC (Governance, Risk & Compliance) platforms, and emerging security technologies. Experience in GRC policy-as-code and GRC automation will be highly regarded. Security risk quantification methodologies such as FAIR. Experience in adapting these methods to Board level reporting will be highly regarded. Experience engaging directly with regulators, industry bodies, and auditors, shaping external perceptions and reinforcing organisational credibility. Knowledge of supply chain security frameworks and global best practice to further integrate governance measures throughout the extended enterprise environment. Practical experience with the Protective Security Policy Framework (PSPF) would be highly regarded. Qualifications & Education Bachelors in cyber security, information assurance, risk management, law, business administration or a related field; a postgraduate qualification is advantageous. Relevant professional certifications (e.g., CISA, CRISC, CISSP, CISM CGEIT) preferred, illustrating commitment to ongoing professional development. What We Offer Working at Vocus will give you rewarding experiences and the opportunity to do extraordinary work. You will enjoy: Diverse and dynamic teams with a supportive and inclusive culture. Supportive career development plans with comprehensive ongoing training, support, and development opportunities. Flexible hours and a hybrid working environment. Generous discounts on power, gas, mobile and internet; plus, discounts to over 400 retailers. Competitive leave benefits, including anniversary leave, purchased leave, parental leave, volunteering leave, study leave, and much more. We also offer a fifth week of annual leave when you hit five years of service! Study assistance programs to excel your personal growth, learning and development. Health and wellness offerings, including access to our wellbeing initiatives that can help you from a financial, psychological, and physical perspective. Working at Vocus is never just a job – it’s personal. We’re crazy about our customers and believe our people are the difference. Our wonderfully diverse team and a vibrant culture define us. We care about the impact we have on our people, our customers, and our communities and are committed to operating as a responsible, ethical business. We pride ourselves on setting audacious and ambitious goals and believe that we can play our part in changing the Australian telecommunications landscape and make a fundamental difference to people’s lives. With us, you’ll have the opportunity to lead and inspire teams, work on projects that are shaping the future of telecommunications and become part of a culture that thrives on creativity, encourages new ideas, and provides a collaborative and inclusive environment. About Us As Australia’s specialist fibre and network solutions provider, we own and operate 25,000km of secure, high-capacity fibre connecting people, businesses, governments, and communities across Australia to the world. Through our well-known retail brands, we deliver simple and affordable broadband, mobile, voice and energy services with the purpose of Building Critical Connections. Enabling Better Possibilities. Ready to take the next step? If you like the sound of this role and think you’d do a great job, but are worried you don’t tick every box, we encourage you to back yourself – we know that diverse groups are less likely to apply for roles they’re not 100% qualified for, but just as likely to succeed at them! We are a proud equal opportunity employer committed to providing a safe, diverse, and inclusive working environment where all our team members feel like they belong. We know diversity makes us stronger and we encourage applications irrespective of background, age, origin, gender, sexual orientation, identity, or ability. If you feel comfortable, please let us know if you have any accessibility requirements upon application, so we can make any adjustments required to support you throughout our recruitment process. #J-18808-Ljbffr