Information Security Risk and Assurance Manager

More than one million Australians trust HESTA with their money. HESTA is a top-performing industry super fund working for real-world impact. We use our expertise and influence to deliver strong long-term returns while accelerating our contribution to a more sustainable world.  
 
HESTA is also an inspiring and rewarding place to work. That’s because what we do makes a difference to the lives of our members. The people who work at HESTA are not only exceptional at what they do, they’re focused on living and creating a strong organisational culture. We’re an industry super fund dedicated to the people who keep our communities going. People who provide some of the best health, education and community services in the world are HESTA members – and we are proud to serve them.  
 
Bring your authentic and passionate self to this exceptional role #careerswithimpact  
 
Are you an experienced Information Security Risk and Assurance Manager ready to leverage your experience and make an incredible impact? Reporting to the General Manager Information Security in this pivotal role to ensure information security risks, regulatory and compliance obligations are being met and aligned with HESTA’s information security strategy.
  
What You’ll Do:
 
Leadership of the Information Security Risk and Assurance team

• Lead and manage the Information Security Risk and Assurance team (includes Information Security Risk and Assurance Specialists, and Vulnerability Management Lead).
• Coach and mentor as a people leader to build a high performing and engaged team.

Governance and Assurance

• Contribute to the delivery of HESTA’s information security program, strategy implementation, key initiatives and priorities.
• Lead the uplift of maturity and operations of HESTA’s Information Security Governance, Risk and Assurance framework, policies and standards
• Ensure timely delivery of the Information Security Controls Testing program and identify opportunities for improvement.

Risk Management

• Information Security risk management in line with HESTA’s risk management methodology.
• Identify information security risks, reporting, coordinate internal security audits and other security related audits.

About You:

You will be an experienced and passionate Information Security leader that has led Security, Risk and Assurance teams, preferably within a regulated industry (Super, Financial services and/or Energy).

You will have a strong understanding of security obligations for APRA regulated entities, experience and knowledge of security standards and frameworks such as NIST Cybersecurity Framework, ISO27001/2, CIS Benchmarks including building security controls and compliance requirements. Experience with governance tools such as One Trust or Archer GRC, an understanding of cloud environments and security principles across IaaS, PaaS and SaaS. 

You will be agile in your approach, embrace impactful leadership and work collaboratively with key stakeholders to ensure outcomes are achieved. You will provide leadership and support to ensure that a strong security posture is achieved and maintained in alignment with the HESTA’s information security strategy.

Benefits that matter and make a difference for our employees  
 

• Leave for those moments that matter, an additional 6 days of leave at the end of year, up to 6 days paid volunteer leave, gender neutral paid parental leave of 20 weeks, Gender Affirmation leave, reproductive health and wellbeing leave, Cultural and Ceremonial leave. Access your LSL after 3 years, take AL at half pay, and purchase up to 2 weeks additional leave (just to name a few).  
• Your professional development matters, up to $5k per year professional development and up to 8 days professional development leave, HESTA scholarships and free access to a range of premium learning tools.  
• Your health and wellbeing matters, free annual flu shots and skin checks, incredible social events throughout the year and a comprehensive employee assistance program available 24/7.  
• Your financial wellbeing matters, up to 15% super, financial planning support, end of year payment for all Enterprise Agreement-covered employees, incentivised Employee Referral Program and novated lease options.  

 
We celebrate, value and include people of all backgrounds, genders, identities, cultures and abilities. We welcome and support applications from First Nations people, physically, neuro or culturally diverse, LGBTQI+, and people of any age. We are proud to be WGEA accredited as an Employer of Choice for Gender Equity.   

We want all candidates to feel safe, included and provided with the best opportunity to thrive, if you require reasonable adjustments during your application or throughout the recruitment process, please reach out to a member of the Talent team careers@hesta.com.au and we’ll call you to discuss.   

Please note: Applications via recruitment agencies will not be accepted for this position.