Head of Information Security

Melbourne - on the lands of the Kulin nation


Nous Group is seeking an experienced and hands-on Head of Information Security to lead security strategy, security engineering and GRC (Governance, Risk and Compliance). This permanent, full-time position offers the flexibility of a hybrid working model, including time in our state-of-the-art office at Melbourne Quarter on Collins St – a space designed to inspire innovation and collaboration.

The purpose of this role is to manage and mature Nous’ information security management programs to enhance security posture and meet required standards in accordance with regulations and legislation. The ideal candidate will come from a strong technical security background, with exceptional leadership skills and a deep understanding of governance, risk and compliance as they pertain to cyber security.

Nous is a great place to work…

Nous Group is an international management consultancy with over 750 people working across Australia and New Zealand, the UK, Ireland and Canada. We are a values-based organisation that is inspired and determined to improve people’s lives in significant ways. Working in unique, cross-disciplinary teams we create innovative and enduring solutions that transform businesses, governments, and communities. We realise a bigger idea of success.

Nous Group is proud to be recognised as a Great Place to Work in the UK, Canada, and Australia, reflecting our expanding global influence and success. Nous consistently garners accolades as an exceptional workplace through various competitive reviews. We've been acknowledged as one of LinkedIn’s Top Companies for career growth in Australia and have been awarded Best Management Consulting Firm by the Australian Financial Review on multiple occasions.

Key responsibilities:

  • Lead, mentor, and support a high-performing information security team, ensuring team members maintain up-to-date skills and certifications aligned with evolving security needs.
  • Oversee the ongoing development and implementation of an effective, practical Information Security Management System (ISMS) framework
  • Lead the preparation, review, and delivery of the security strategic plan, including preparing Board reports
  • Coordinate security assurance activities, such as penetration testing, and security audits (e.g. ISO 27001, Essential 8 and UK Cyber Essentials)
  • Assess third party information security risks and perform security assessments on IT vendors and apps, including AI apps
  • Ensure compliance with best practice standards, including ISO 27001, Essential 8, NIST CSF, the Australian Government Protective Security Policy Framework (PSPF) and the Defence Security Principles Framework (DSPF)
  • Develop and maintain security and information management related policies and procedures
  • Oversee the effective management and administration of Nous’ information security tools and systems, including those related to endpoint protection, email-filtering/anti-phishing, antivirus, data loss prevention, SIEM etc.
  • Lead the response to security breaches and data leaks, including investigation, containment, reporting, submissions to relevant authorities and stakeholders and post incident reviews
  • Respond to internal and external enquiries in relation to security management
  • Oversee the administrative process for obtaining security clearances for Nous staff

You are:

  • An exceptional communicator, both in writing and verbally
  • Passionate about security and information management
  • A person of impeccable integrity and trustworthiness
  • A person with strong interpersonal skills, and the ability to build relationships and influence across the business
  • A person with exceptional attention to detail and thorough in approach
  • Able to understand the business problem/intent and think beyond the technical

Skills and experience:

  • Strong technical experience in security, using a variety of tools (ideally CrowdStrike, Mimecast, Defender, Purview or others)
  • Working knowledge of how to apply information security best practices (e.g. ISO 27001, NIST, Essential 8 etc) in a professional services environment
  • Knowledge of theoretical and practical security processes and concepts
  • Practical experience in security related strategic planning, audit and compliance
  • Practical experience developing security policies, procedures and processes
  • Awareness of the Australian Government Protective Security Policy Framework and/or the Defence Security Principles Framework
  • Expertise assessing security controls across an organisation and translating findings into action
  • Demonstrated consultative approach with a clear ability to build strong relationships with business stakeholders at all levels
  • Ability to obtain an Australian Government security clearance (NV1 or higher)
  • Knowledge of other security and risk control frameworks such as SOC 2 reports and ISO 31000

What makes Nous a Great Place to Work?

Our aim is to deliver a flexible experience that delivers positive influence and growth for you, our colleagues, and our clients. Below are some of the ways employees at Nous are encouraged to enjoy that experience:

  • Giving all employees greater flexibility around public holidays, understanding that people of different cultures, religions, and political beliefs may wish to take alternate days of leave from scheduled holidays
  • Hybrid working, with a monthly remote working allowance and a once-off payment to set up your work-from-home office
  • A collaborative bonus that reflects company performance, and is available to all
  • Celebrating commitment to Nous by enabling access to long service leave after five years of employment
  • Supporting working parents by providing 18 weeks of paid primary carer parental leave and 10 weeks of paid secondary carer parental leave (access to parental leave is gender neutral).

Finally, the important details… 

Nous is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We welcome applications from people of all backgrounds, including Aboriginal and Torres Strait Islander people. Nous is a flexible workplace that offers consulting opportunities on a full-time and part-time basis. To apply for a role at Nous in Australia you must have Australian Permanent Residency or the right to work in Australia. Please note that if you are successful in the recruitment process, you will be required to undertake background screening prior to your commencement at Nous.

Category: Leadership Jobs

Tags: Antivirus Audits Clearance Compliance CrowdStrike Governance ISMS ISO 27001 NIST Pentesting Security assessment Security Clearance Security strategy SIEM SOC SOC 2 Strategy

Perks/benefits: Career development Flex hours Flex vacation Home office stipend Parental leave Startup environment

Region: Asia/Pacific
Country: Australia
