Chief Information Security Officer

See yourself being part of a large, transformational change? This could be the role for you

Who We Are

At Iress, we believe technology should help people perform better every day. Since our beginning in 1993, people across financial services have trusted us to take their performance to the next level. From the world’s most established financial brands to new and disruptive players, we help improve every aspect of our clients’ businesses so that they can work better, every day. Iress is one of Australia’s largest technology companies and employs more than 2,250 people across Asia Pacific, North America, Africa and UK & Europe.

Role Purpose

The primary focus of the role of the Chief Information Security Officer is to provide strategic leadership, direction and guidance across Technology Risk and Cyber security globally. The role will lead the risk, audit, compliance, security and assurance capabilities.

The CISO is responsible for the information security management program and ensuring Iress and Iress' client information assets are adequately protected. The role has a substantial external-facing component to liaise with clients, regulators and supply-chain stakeholders.

The role will ensure the alignment of the security strategy with business objectives while promoting a culture of strong security and building cyber-awareness across the organisation. These will be measured by the effective and relevant reporting of cyber metrics.

Your objectives and responsibilities will focus on...- Building and sustaining a Technology and Cyber risk-aware culture in Iress. Communicating the value of having and executing an appropriate Information Security strategy to everyone at Iress. Maintain an effective cybersecurity and technology risk training program for Iress people.- Assessing cybersecurity and technology risk strategy requirements through effective collaboration across the global leadership groups. Ability to acquire and manage the necessary resources to support the execution of the IS strategy. Provide relevant and appropriate advice to senior leadership on the costs and benefits of cybersecurity programs, policies, processes, systems and controls.- Taking accountability for maintaining cybersecurity incident response plans and playbooks, ensuring effective incident detection and response capabilities exist and are validated.- Managing relationships with external stakeholders to understand requirements for cybersecurity, demonstrate compliance, manage incidents and receive/disseminate threat intelligence and incident data.- Building effective relationships with engineering teams enabling and increasing the shift-left movement of security as it relates to Iress software and engineering processes and practices.- Responsibility for ensuring Iress and its clients are adequately protected from technology and cyber incidents using the Iress risk management framework as a guide.- Accountability for effective delivery of Information Security engagements with clients. Ensures Iress clients have a clear and consistent understanding of Iress' security and technology risk processes and policies.- Working proactively with other leaders to drive excellence, and create scale and leverage to enable a safe and secure operating environment for the benefit of Iress and clients.- Promoting and communicating the technology vision and strategy with the Technology Risk and Cybersecurity strategy. Engage with teams to increase the understanding of outcomes required. Anticipates changing business, client and security needs and leads the function in realigning priorities and people accordingly and within constraints- Drive all areas of improvement to security capability, inspire through strong leadership, coaching and mentoring across teams.

To be successful in this role you will

Have significant commercial experience in cybersecurity-specific roles, with a postgraduate qualification in information security or equivalent training.

Prior experience includes:
- Assessing the adequacy of cybersecurity controls at an individual, system and organisational level with an ability to formulate recommendations for improvement.- Extensive experience leading, investigating, responding to and mitigating cybersecurity and technology risk-based incidents.- Deep technical experience and a demonstrated understanding of how people, computer systems, and networks operate and interact and how these systems are exploited.- Leading teams that leverage cloud-based infrastructure and services as a foundation for delivering quality software and solutions.- Demonstrate ownership of commercial relationships of global agreements and managed budgets greater than $5m.- Experience of working cross functionally. With a proven track record of understanding and contributing to effective team functioning. Creating a motivational and inspirational team-oriented, collaborative environment.-
- Ability to build consensus, demonstrating the confidence to act q