Hostplus

Senior Security Analyst


This job is now closed

Pay: Competitive
Location: Melbourne/Victoria
Employment type: Other
  • Job Description

      Req#: 8M3BC
      Acknowledgement of Country: Hostplus acknowledges the Traditional Owners of the land, sea and waters, of the area that we live and work on across Australia. We acknowledge their continuing connection to their culture and pay our respects to their Elders past, present and emerging.

      About us: At Hostplus, we passionately provide our over 1.7 million members with the best possible service, constantly looking for new ways to deliver better value while helping members get the most out of their super. We are inspired to help our members achieve greater security for their future and ensure they retire with dignity. Your role at Hostplus will give your career meaning, whether you're in marketing, financial advice, operations or any of our other divisions - you'll be contributing to ensuring our members retire with the best possible outcomes, and what better feeling is there than knowing your role helps someone to retire with dignity and security?

      About the role: As our Senior Security Analyst, you will be at the forefront of fortifying our security governance, risk, and compliance initiatives with unbridled passion and expertise. This position plays a crucial role in Hostplus’ security governance, risk, and compliance (GRC) management activities, and your focus will be on driving business and supplier engagement while providing impeccable security advice, ensuring our organisation's resilience against any vulnerabilities or incidents. Reporting to the Information Security Manager in the Technology Department, your knowledge of security frameworks, such as APRA CPS234, NIST CSF, CIS 18, ASD Essential 8, and ASD ISM, gives you an edge over conventional security analysts. Your diverse experience in using governance, risk and compliance platforms, like Archer, to effectively manage and report on security risks, control effectiveness, information assets, supplier security posture and security issues sets you apart from the rest.

      As an adept security risk assessment performer, you stay on top of the latest resources about security threats, vulnerabilities and available controls to manage them, with unparalleled zeal for securing member data and a win-win approach to challenges. You know how to unpack complex technical, contractual and procedural security issues by talking to experts and asking the right questions. You will be responsible for specifying and advising on the design of security controls and ensuring controls' operating effectiveness through regular security controls testing as defined in the Hostplus Information Security Management Framework (ISMF).

      Some Key Responsibilities:
      * Conduct solution security assessments of security controls to identify potential security vulnerabilities and threats to Hostplus’ information assets and related IT infrastructure.
      * Ensure any gaps or weaknesses found in controls testing are remediated.
      * Implement and maintain consistent and reliable IT security risk management processes with key stakeholders and ensure these processes are recorded in the Hostplus GRC system and integrated in the three lines of defence approach to security.
      * Maintain the Line 1 security controls design and operating effectiveness assessment program in accordance with the Hostplus Security Calendar.
      * Maintain the Hostplus Information Asset Register to ensure that it is complete and accurate.
      * Monitor and report on the security risks and incidents affecting the business and facilitate the implementation of appropriate risk mitigation measures and security controls.
      * Document agreed security measures as technical, operational, and contractual requirements.
      * Ensure compliance of IT solutions and services with the security requirements in relevant agreements and the Hostplus Information Security Policy and supporting standards and frameworks.
      * Act as a liaison between the business units and the security functions, providing guidance, advice, and support on security-related matters.
      * Assist in security incident response activities and maintain incident response plans and procedures.
      * Assist in the execution of other security tasks as required by the Hostplus Information Security Manager, Head of IT Service Governance, Executive Manager Technology, or the relevant Group Executive.

      About you:
      * Bachelor’s degree in information technology or other relevant qualifications and certifications.
      * Proven experience performing security risk assessments on business solutions and services.
      * Strong knowledge of security, risk, compliance, and control practices expected of Third Parties, IT General Security Controls or Cyber Security audit experience.
      * Strong stakeholder management to coordinate with various business and internal stakeholders.
      * Security framework experience – APRA CPS234, NIST CSF, CIS 18, ASD Essential 8, ASD ISM.
      * Understanding of a wide variety of technologies such as firewalls, intrusion detection and prevention systems, CASB, SASE, networking, databases, applications, security platforms, and Azure cloud.
      * Knowledge of resources to help stay current with security threats, vulnerabilities, and controls.
      * Certification in auditing (CISA), security management (CISM), security controls and risk management (CRISC), SANS GIAC, + or CISSP are highly desirable.
      * Experience in managing 3rd party supplier security assessments is a plus.
      * Experience working in an APRA regulated entity or in a security consultancy is highly regarded.

      Why work for us: Our employees are passionate about what we do and are proud to be part of an organisation which helps everyday Australians achieve a brighter future. We value diversity of thought and have an open & flexible workplace. Some industry leading benefits we offer include:
      * 15% superannuation.
      * Access to subsidised financial advice.
      * Salary packaging.
      * Hybrid working arrangements, work remotely & in the office.
      * Excellent EBA conditions, e.g. paid parental leave, long service leave at 5 years, additional leave over Christmas shutdown.

      What next: If you are interested in this opportunity, please follow the prompts to formally apply. We are passionate about creating an inclusive workplace that promotes and values diversity. We believe diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our members, and the communities we operate in. We welcome and encourage applications from people of all backgrounds, ages, religions, including Aboriginal and Torres Strait Islander Peoples, LGBTIQ+ people, those with a disability, women, and people with a cultural or linguistically diverse background. We have an important duty to our members; all appointments are made subject to a satisfactory National Police, Bankruptcy and Insolvency Check.

      * We Care: We care about our work, our clients and colleagues.
      * Better Together: We’ve got each other’s backs, and we never walk alone.
      * Go For it: We are optimistic, and we focus on solutions, not problems.
      * Keep it real: We are honest, genuine, straightforward and transparent.
      * Be Proud: We are proud of who we are and the work we do every single day.
  • About the company

      Hostplus is the industry superannuation fund for employees in hospitality, tourism, recreation and sport. Join now and get super informed.
