Information Security Manager - 12 Month Fixed-Term Contract

Req ID:  106349
Department:  R&P Superannuation
Division:  Talent & Culture
Location:  Melbourne

About Us

 

At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers.

 

About the Role

 

This role is responsible for leading the development, implementation, and ongoing management of the information security program for ANZ Staff Super, to ensure compliance with CPS 234 and alignment with broader information security good practice.

 

The Information Security Manager provides expert advice and supports secure operations across internal and outsourced environments. The role acts as the organisation’s primary contact for cyber and data protection matters, including active engagement with the CISOs of major third-party service providers. It supports the executive team by translating technical risks into business impacts and developing actionable plans to proactively protect members’ data. 

What will your day look like?

 

  • Designing, implementing and maintaining the Information Security Management Framework, ensuring compliance with external regulatory requirements and relevant standards, including CPS 234, ISO 27001 and NIST
  • Contributing to service provider contract reviews, ensuring the inclusion of information security obligations for service providers
  • Overseeing and assessing the design and operational effectiveness of security controls implemented by service providers to ensure adherence to agreed technology and information security standards
  • Acting as the primary liaison for all security-related matters with external service providers' CISOs and internal information security stakeholders
  • Conducting or coordinating regular security risk assessments, threat analysis and system vulnerability reviews and assessing assurance reports, penetration testing and incident response readiness
  • Assessing the impact of technology and security risks and the effectiveness of proposed controls, recommending and overseeing the implementation of treatment plans as required
  • Providing actionable, risk-based advice on secure business operations, including communication channels, data handling, and workflow design
  • Leading the development and execution of the Fund’s cybersecurity incident response plan, including security incident management and reporting processes, ensuring timely and compliant responses
  • Leading activities to sustain and improve compliance with internal information security policies, including developing and delivering security awareness training
  • Staying abreast of evolving threats and regulatory requirements, proactively assessing impact and driving required change
  • Supporting compliance with CPS 230 and FAR by providing assurance to accountable persons on information security risks and controls
  • Supporting the executive team and Board with clear reporting on security risks, assurance gaps, and security maturity uplift plans

What will you bring?

 

  • Proven experience in information security or cyber risk management in an APRA regulated environment
  • Demonstrated experience overseeing third-party service provider information security risk and managing third-party risk
  • Strong knowledge of CPS 234, ISO 27001, NIST CSF, or similar frameworks
  • Experience working within or alongside a large, mature IT or risk governance structure (e.g. within a financial services group)
  • Excellent communication skills, able to bridge business and technical discussions and influence decision-making
  • Relevant qualifications preferred (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer)
  • Proven experience in defining and delivering an information security/technology assurance strategy
  • A track record in a technology risk, assurance, information security audit or compliance-based role
  • Strong controls framework understanding and experience
  • Strong understanding of the regulatory and business operating risk environment, monitoring legislative change and regulator sentiment to identify emerging risks and actions to ensure compliance
  • A strategic thinker who is able to understand business and customer impacts arising from technology risk
  • Strong analytical and problem-solving skills to develop pragmatic solutions for the business
  • Ability to drive and manage own workload and operate within defined deadlines

So why join us?

From the moment you join ANZ, you'll be doing meaningful work that will shape a world where people and communities thrive.

 

But it's not just our customers who'll feel your impact. You'll feel it too. Because at ANZ, you'll have the resources, opportunities, and support you need to take the next big step in your career.

 

We're a diverse bunch at ANZ in different roles, different locations, doing different things. That's why we have a range of flexible working arrangements, so our people can 'make work, work for them'. We also provide a range of benefits including access to health and wellbeing services and discounts on selected products and services from ANZ and more.

 

At ANZ, you'll be part of an organisation where the different backgrounds, perspectives and life experiences of our people are celebrated. That's because we're committed to building a workplace that reflects the diversity of the communities we serve. We welcome applications from everyone and encourage you to talk to us about any adjustments you may require to our recruitment process or the role itself. If you're a candidate with a disability or access requirement, and have an enquiry about the support provided, please let us know on your application or visit ANZ Accessibility and Inclusion Programs for alternate contact methods.

 

To find out more about working at ANZ, visit https://www.anz.com.au/careers. You can apply for this role by visiting ANZ Careers and searching for reference number 106349.

 

Job Posting End Date

05/12/2025, 11.59pm (Melbourne, Australia)
