About the Role:
Cyber Security is one of EnergyAustralia’s top risks, and part of our security strategy aims to significantly increase cyber security maturity across the organisation.
The Cyber Risk and Assurance Lead role will drive the execution of the organisation’s risk strategy whilst being accountable for delivering key assurance activities that evaluate the design and effectiveness of technology and cyber controls. Responsibilities include:
- Lead and coordinate risk and assurance activities across the cyber domain, ensuring alignment with EnergyAustralia’s risk management framework
- Facilitate AESCSF assessments conducted by an external provider, ensuring stakeholder readiness, coordination, and input to strategic remediation planning
- Develop and maintain high-quality risk reporting, controls assurance insights, and recommendations for senior stakeholders and governance forums
- Support and coordinate the delivery of external PCI DSS assessments with third-party vendors, ensuring scope, evidence, and stakeholder engagement are effectively managed
- Lead the identification, assessment, and management of technology and cyber risks across IT and OT environments
About You:
You will have a minimum of 5–7 years of experience in IT or Cyber Risk Management, Technology Assurance, or Governance roles and are experienced in uplifting both policy/procedures and team capability. Additionally, you will have some of the following:
- Strong understanding of enterprise risk management principles and regulatory compliance requirements
- Demonstrated experience coordinating external assurance providers or audits (e.g., PCI DSS, AESCSF assessments)
- Skilled in policy interpretation and control assessment, and proficient with GRC or third-party risk management tools
- Relevant industry certifications such as CISA, CISM, or CISSP
- Strong risk analysis and problem-solving capabilities with high attention to detail (including documentation)
- Excellent written and verbal communication skills to engage with technical and non-technical stakeholders
- Familiarity with critical infrastructure obligations (e.g., SOCI Act) is advantageous
Why join the Cyber Risk Team:
- Purpose with impact: The team is at the forefront of navigating complex challenges in a critical sector. The assurance you provide doesn’t just mitigate risks; it ensures the trust our customers place in us to deliver reliable, secure and sustainable energy without compromise
- Trusted expertise: You’ll work alongside highly skilled professionals who value diverse perspectives and innovative ideas
- Opportunities for growth: You’ll have access to cutting-edge technology, opportunities to lead and contribute to high-impact projects, and training programs and industry certificates to enhance your expertise
How to Apply:
If you’re ready to ‘light the way’ towards your next career move, click the ‘Apply’ button to submit a confidential application. For any questions, please reach out to Jock Clydesdale, Talent Acquisition Partner, at jock.clydesdale@energyaustralia.com.au
Why Us:
At EnergyAustralia, we are committed to providing an inclusive culture so our employees can bring their whole selves to work and have a sense of belonging. As an employee you can enjoy such benefits as:
- Employee discount on your electricity and gas, discounts on major brands and products
- Energise Program - flexible working that is team centric enabling all individuals to agree and succeed together
- Excellent company culture, down-to-earth and friendly organisation - be authentic, bring your whole self to work!
- 2 paid recharge days
- State-of-the-art Melbourne office with stunning views, only a 3-4 minute walk from Southern Cross station
- Onsite Tech Bar
We’re committed to providing an inclusive culture so our employees can bring their whole selves to work and have a sense of belonging. From our PRISM network that creates a positive culture for LGBTQ+ employees to our Reconciliation Action Plan that has commitments to strengthen relationships with Aboriginal and Torres Strait Islander people and organisations, it’s a workplace where everyone’s welcome.