Share this Job

Cyber Security Consultant

At IAG, we live and work by our purpose to make your world a safer place. We are motivated by a unique culture that celebrates honesty, creativity, empathy, equity and collaboration. We call it the IAG way, and it means we all share a ‘ready for anything’ mindset that sets the tone for positive actions and positive outcomes. We put heart into everything we do which guides us to create amazing things for our customers, our people and our communities.  
We’re brimming with ideas, ambition and a readiness to apply bold thinking and risk awareness to make a difference where it matters most. 
As the largest general insurance group in Australia and New Zealand, we own some of the region’s most trusted brands, including NRMA Insurance, CGU, SGIO, SGIC and WFI. We are ready for anything. 


•    Permanent Opportunity 
•    Sydney or Melbourne CBD 
•    Cyber Security Consultant (Group Risk)


The Role 
Working with business and technology stakeholders, you will develop and measure security and risk metrics and develop reporting to key management and governance stakeholder audiences. 
Additionally, you will be involved in managing IAG security Policies and Standards, develop & operate security governance processes and Line 1 Operational risk management for the Cyber Security Group. 
You will be a key member of a team responsible for ensuring appropriate cyber risk management is performed and information and insights are provided to key decision makers.


Key Responsibilities
•    Develop, maintain and distribute operational, management and executive targeted security reports, ensuring pertinent security information and insights are available to decision makers in a timely and quality manner. - 40%

•    Develop, maintain and operate security metrics and key risk indicators that indicate the level of operation risk and measure performance of security related controls in the IAG business operating environment - 30%.

•    Manage Cyber security standard exception and exemption records throughout their lifecycle, ensuring appropriate risk mitigation and risk acceptances are properly recorded and documented actions are completed. - 25 %

•    Develop, maintain and operate CPS234 Material Security Incident and Material Security Weakness regulatory notification processes, ensuring timely analysis and processing to meet regulator notification timeframes. - 5%

Skills & Experience
•    Skills and experience in development of Security Metrics and authoring of regular cyber security reports to Senior Management, Board of Directors and Regulatory audiences.
•    Strong communication and writing skills with high attention to detail for producing board papers
•    Operational Reporting and data visualisation
•    Basic understanding of security control domains such as Identity & Access Management; Threat Intelligence; Vulnerability Management; Security Incident Management; Application, Infrastructure, Data and Network Security
•    Negotiation skills
•    A working knowledge of regulatory and industry requirements governing Australian and New Zealand Financial enterprises (e.g. CPS220, CPS234, PCI-DSS)
•    Experience in business reporting development at Strategic, Operational and Tactical levels.
•    Experience in developing and monitoring Key Risk Indicators and Key Performance Indicators.
•    Demonstrated experience in Cybersecurity risk management.
•    Experience in Australian / New Zealand Financial Services industry
•    Proven capacity for building relationships and influencing senior stakeholders.
•    Experience with frameworks such as NIST CSF, NIST SP 800-53, ISO27001/2, ISO31000, COBIT
•    Familiarity with industry regulation, including APRA Prudential Standards, Australian Privacy Act and PCI-DSS
•    Experience with Governance, Risk and Compliance (GRC) tools such as ServiceNow GRC.
•    Relevant tertiary qualifications in a field related to the role (technology or commercial)
•    Relevant professional memberships and certifications
o    CRISC, CGEIT and CISA qualifications highly regarded

Ready for anything? Let’s talk.
Start your career journey with us and click ‘Apply’! Applications close on Friday 5th March 2021
IAG rewards and recognises its people with generous benefits, career development opportunities and real work-life balance. Employees also enjoy 13% superannuation, up to 50% insurance discounts, flexible work and leave options, generous parental leave and return to work programs, various corporate partner discounts and a people-focused culture that celebrates achievements big and small. 
Creating a workforce that actively embraces diversity, inclusion and a sense of belonging is key to our success. We believe in treating everyone fairly which means that inclusion, removing barriers, striving for equity and embracing diversity are woven through our values and behaviours.  We encourage applications from all backgrounds and communities and are committed to providing a work environment that enables you to thrive, whatever your circumstances. If we can provide support with access requirements, alternative work arrangements please advise us via your application.
IAG has committed to the reconciliation movement in Australia for First Nations people and focus on providing a safe and supportive work environment for all our employees. More information on our Reconciliation Action Plan can be found on our company website.