Principal IT Security, Risk & Compliance

Unisys

Job Location:

Sydney - Australia

Monthly Salary: Not Disclosed
Posted on: 15 hours ago
Vacancies: 1 Vacancy

Job Summary

What success looks like in this role:

Security Data Protection & Compliance Leadership

  • Lead IT security information & data security and compliance functions
  • Establish and maintain policies, standards and frameworks
  • Ensure alignment with ISO 27001 and Australian regulations (CPS 230

Risk Management & Governance

  • Own and maintain IT and data risk register
  • Maintain risk governance framework
  • Identify opportunities for risk mitigation, scope uplift initiatives, present justification to UMP leadership and manage their delivery.

Security Risk & Compliance Reporting

  • Develop monthly governance reports covering security posture, risks and compliance gaps
  • Keep abreast of global information/data security threats/events
  • Present insights and improvement opportunities to leadership and in governance forums.

Security Operations & Tooling

  • Oversee SIEM/SOC, DLP, PAM, endpoint and network security, identifying opportunities for uplift and proactively addressing them.
  • Proactively monitor and manage vulnerabilities across applications and infrastructure.

Platform & Infrastructure Security

  • Secure HCI, virtualisation, Windows and Linux environments
  • Establish standards and guidelines for infrastructure components for hardening and secure configuration.
  • Provide guidance and planning input for scoping and delivering penetration tests by third party partners of UMP.
  • Review change requests from a security and compliance perspective.
  • Establish standards for network security and monitor them.

Data Security & Privacy

  • Define data classification, handling, retention and protection standards
  • Oversee encryption, masking and DLP controls

API & Application Security

  • Enforce API security standards
  • Promote OWASP-aligned DevSecOps practices, incorporating those principles during design and reviewing scanning results to monitor compliance.

Regulatory & Audit Management

  • Ensure compliance with Australian regulations
  • Lead audits and maintain audit readiness

Governance & Stakeholder Engagement

  • Chair security governance forums
  • Contribute to security and vulnerability reporting
  • Contribute to risk control framework
  • Present risk and compliance insights

You will be successful in this role if you have:

Skills & Experience

  • 10 years' risk, security and compliance experience
  • Managing technology risk and compliance (ISO 27001/2)
  • Knowledge of secure applications development standards and policies, including DevSecOps (OWASP)
  • Infrastructure security standards, policies and tools (Qualys/Tenable, CrowdStrike, TUFIN)
  • Network zones segregation and firewall rule standards
  • Extensive knowledge of operational security and risk management for financial services delivery such as AML/CTF.
  • Data protection and security standards, policies and procedures
  • IAM, UAM, PAM

Qualifications

  • Bachelor's or Master's degree, preferably in technology/business, from a reputable university
  • Certifications in security, compliance, risk management.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.

If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest without additional assistance, and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at . US job seekers can find more information about Unisys EEO commitment here.


Required Experience:

Staff IC

About Company

Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets. Unisys offerings include security solutions, advanced data analytic ...