Head of Cyber Security and Risk

In this newly created Head of Cyber Security and Risk role youll provide enterprisewide leadership to protect AFCA the essential services we deliver and the trust placed in us by the community.

Reporting to the Chief Technology Officer this senior leadership role is accountable for cyber security operations cyber risk governance and Technology Data & AI risk management. Youll be a proven leader in this space with significant experience who can set the strategic direction embed securitybydesign across the organisation and act as a trusted advisor to the Executive and Board.

What youll be responsible for:

• Owning enterprise cyber security outcomes ensuring threat detection incident response and recovery are aligned to AFCAs risk appetite
• Providing executive oversight of cyber incidents and breaches including escalation Board reporting and regulatory notifications
• Setting direction and success measures for cyber security operations with assurance over performance and continuous improvement
• Holding enterprise accountability for managed security services (e.g. SOC outcomes and service effectiveness)
• Owning AFCAs cyber security strategy policies and standards aligned to regulatory and compliance requirements
• Acting as AFCAs enterprise cyber risk owner including risk identification prioritisation treatment oversight and residual risk reporting
• Providing authoritative cyber risk advice to the CTO Executive Leadership Team and Board including investment and risk acceptance recommendations
• Embedding securitybydesign across architecture engineering platforms digital services and thirdparty integrations
• Providing assurance over major initiatives and suppliers including signoff on cyber risk posture and control adequacy
• Holding enterprise accountability for thirdparty and vendor cyber risk partnering with Risk Legal and Procurement
• Leading cyber capability culture and maturity across the organisation ensuring the right balance of internal expertise managed services and specialist support
• Driving organisationwide cyber awareness and accountability without owning daytoday training delivery

Qualifications :

What youll bring: 

• Significant proven leadership experience in cyber security across complex regulated environments. 
• Deep expertise in cyber operations incident response and threat management. 
• Strong grounding in cyber governance risk management and regulatory compliance. 
• Proven ability to communicate cyber risk clearly to executives and nontechnical stakeholders. 
• Experience managing managed security providers and complex vendor ecosystems. 
• Calm credible leader able to operate effectively during highimpact cyber incidents. 

Additional Information :

Whats on offer

• BOSS Best Places to Work 2024 credited for its culture engagement and flexible working arrangements. 
• Most Inclusive Workplace 2024  Australian HR Institute (AHRI) Awards. 
• Employer of Choice Public Sector and NFP  Australian HR Awards 2023 
• Bronze AWEI Accreditation 2024  Recognised for LGBTQ workplace inclusion. 
• Accredited Family Friendly Workplace  Supporting work-life balance and inclusivity. 
• Hybrid working  Flexible arrangements with state-of-the-art offices designed for collaboration and wellbeing. 
• Inclusive leave options  Flexible public holidays 20 weeks paid parental leave gender affirmation leave womens health leave and paid time off over Christmas. 
• Financial benefits  Not-for-profit salary packaging to boost take-home pay. 
• Locations  A team of over 1500 dedicated professionals based in modern Melbourne and Sydney CBD offices. 

To apply

If youre passionate about fairness and believe your skills align with this role we encourage you to applyeven if you dont meet every single criterion. 

We welcome applications from people of all backgrounds cultures abilities sexual orientations and gender identities. If you require any accessibility support during the recruitment process please reach out to our team at  

We believe fairness starts with people. Thats why we dont use AI or automated tools to screen candidates. As a result our processes may take a little longer and we thank you for your patience. 

AFCA is a 2025 Circle Back Initiative Employer - we are committed to responding to every applicant.  

Remote Work :

No

Employment Type :

Full-time