General Manager Cyber & Information Security

We're reimagining the way Australians live, work, and play. We own and manage some of the most recognisable and loved retail destinations across Australia.

 
We’re evolving our portfolio into destinations that offer a broad selection of retail, residential, and office spaces. Through our diverse portfolio, data-led decision-making, and nationwide development pipeline, we do things differently.

We are Vicinity.

Role purpose

Establish and maintain the enterprise vision, strategy, and program to ensure data, in any format, and privacy are adequately protected.

Key Accountabilities

People Leadership (PL roles only)

• All elements of the annual performance cycle are completed by the due date (including goal setting, mid-year reviews, EOY conversations)

• Regular 1:1’s, team meetings and development conversations conducted - minimum monthly cadence

• Performance issues are managed in an effective and timely manner

• Quarterly development conversations conducted with all team members

• 100% of compliance training is completed on time for team

• All health and safety, risk and compliance requirements are delivered across the team

• Effective management of budgets as per forecast with demonstrated focus on managing cost

• Demonstrated commitment to building own capability as a people leader

Cyber Security

• Develop and implement a comprehensive cyber security strategy aligned with business objectives covering the Vicinity corporate information (OT) assets and shopping centre operational technology (OT) assets. This includes information security risk management, cyber incident response, and the implementation and management of IT security technologies to protect Vicinity against threats that may compromise the confidentiality, integrity or availability of data and critical systems.

Data Governance

• Establish and enforce data governance framework, policies and procedures to ensure data integrity, availability, and confidentiality.

Privacy

• Acting as the Privacy Officer for the company, oversee the development and implementation of privacy policies and day to day privacy related matters e.g. handing privacy complaints or inquiries, to ensure compliance with privacy laws and regulations, protect personal data, and maintain the trust of customers and stakeholders.

Operations & Strategic Delivery

• Establishing and implementing a strategic, comprehensive enterprise cyber security and data governance framework and programs related to information security, IT risk management and data management lifecycles.

• Providing regular reporting on data governance and cyber security programs to Executive Leadership Team, Risk, Compliance and ESG Committee (RCEC) and the board of directors.

• Developing and managing the Cyber and Information Security team to implement the cyber security and data governance strategy.

• Overseeing incident management and response planning of security breaches, and assist with investigation, disciplinary and legal matters associated with such breaches

• Working directly with the business units to facilitate risk assessment and risk management processes.

• Identifying, developing and implementing information security policies, standards, procedures and guidelines.

• Leading cyber and data security culture change and overseeing the development and implementation of security awareness training programs.

• Coordinating with technology functions and business stakeholders to assess, implement, and monitor IT-related security risks/hazards.

• Identifying potential threats and vulnerabilities to the organisation’s information systems through ongoing monitoring and assessment

Key Role Relationships

• ELT, BLT, Board members, Legal Counsel, Risk & Compliance team, functional managers across divisions.

• Managed service providers, vendors, consultants.

• Australian Cyber Security Centre (ACSC)

Experience & Capabilities

ESSENTIAL EXPERIENCE (what you have done)

• Bachelor’s degree in computer science or business information management

• Over 10 years of experience in managing a cyber security or other related technology function

• Extensive experience in managing vendor relationships and negotiating contract terms and pricing for technology products and services

• Demonstrated ability to handle major incident response and investigation end to end

CRITICAL KNOWLEDGE (what you need to know)

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, PCI DSS and NIST.

• Proven experience with cloud (IaaS and PaaS) services, preferably with Microsoft Azure and AWS

CAPABILITIES (what you can do)

• Preferred but not mandatory, hold at least one or more industry security Certification (e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Security Professional (GISP), GIAC Security Leadership Certification (GSLC))

PERSONAL ATTRIBUTES (who you are)

You consistently demonstrate and role model the behaviours that bring the Vicinity values to life:

Respect:

• We listen to and acknowledge each other's views

• We have difficult conversations with care

Integrity:

• We back our words with the right actions

• We do the right thing, no matter the situation

Customer Focus:

• We nurture a genuine connection with our customers

• We consider customer needs when making decisions

Collaboration:

• We invite the right people to the table

• We balance consensus with decisive actions

Excellence:

• We always strive to improve

• We share our challenges and celebrate the wins

Why Vicinity?

Our benefits program focuses on creating an awesome place to work in which our people are rewarded and recognised. This includes:

• Flexible working options 
• Birthday leave & purchased additional leave
• $1,000 worth of VCX securities rewarded for eligible team members
• Internal mentoring program
• Generous Parental Leave

We live and work by our values of Respect, Integrity, Customer Focus, Collaboration and Excellence.  They are the foundation to everything we do and provide us a north star with which we can shape meaningful places where communities connect.

At Vicinity we embrace and celebrate diversity and are committed to creating an inclusive work environment where we attract, retain and develop our people regardless of gender identity, ethnicity, sexual orientation, disability and age. Applications are encouraged from all sectors of the community and we strongly encourage applications from the Aboriginal and/or Torres Strait Islander community.

Our people and our Employee Advocacy Groups (Gender Balance, Cultural Diversity, Disability & Access and Pride & Allies) actively build community and provide allyship within Vicinity. If you’d like to speak to someone to understand what it’s like firsthand to work here, please reach out to our Talent Acquisition team.

We are aware of current limitations with our website accessibility and are working towards improving this. Should you experience any issues accessing information in this job advertisement or the application form, and require this in an alternate format, please contact our Talent Acquisition Team. Similarly, if you would like to discuss workplace accessibility, any reasonable adjustments we can make to better support you during the recruitment process, or your potential future role please reach out to our Talent Acquisition team:

Email: talent.acquisition@vicinity.com.au

Phone: +61 3 7001 4000 (request to speak to our Talent Acquisition team)

Note: To be eligible to apply for this position, you must have existing, relevant Australian work rights. At the later stages of the recruitment process the shortlisted candidate/candidates will be required to undergo a Criminal History Background/Police Check as a mandatory part of the process. Additional qualification checks may also be required dependant on role and level.