Job Description

• Full-time continuing role as a Cyber Security Controls Assurance Manager, UNSW IT
• Excellent salary package available
• Location: Kensington campus in NSW (Hybrid Flexible Working) 2-3 days in the office

About UNSW:

UNSW isn’t like other places you’ve worked. We’re a large organisation with a diverse and talented community; a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. It’s the reason we’re one of the top 50 universities in the world and a member of Australia’s prestigious Group of Eight. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place.

The Cyber Security Controls Assurance Manager is responsible for leading and owning the University’s cyber security controls assurance practices, ensuring that cyber security controls are effective, regularly tested, and continuously improved. Key responsibilities include developing and executing strategies for cyber security controls testing, facilitating the remediation of identified gaps, and delivery of cyber security metrics and reporting. Using these metrics and providing insights to inform executive level decision-making. This role reports to the Head of Cyber Security Governance & Assurance and has direct reports. The Cyber Security Controls Assurance Manager has high-level authority in cyber security assurance with accountability for significant organisational outcomes and capability uplift.

Specific accountabilities for this role include:

• Own and direct the strategic planning, execution, and continuous improvement of cyber security controls assurance testing, including regular controls effectiveness testing and gap assessments.
• Develop and implement an enterprise-wide continuous controls assurance testing strategy, with a focus on control monitoring, automation, uplift, and rationalisation.
• Oversee and deliver annual controls assurance testing activities, including penetration testing, application security assessments, and red teaming exercises, ensuring alignment with regulatory obligations.
• Facilitate post-testing assurance by reviewing findings, providing authoritative direction to senior stakeholders, prioritising remediation efforts, and managing closure of actions.
• Monitor, track, and ensure timely closure of findings, risks, and associated actions resulting from controls assurance activities, ensuring alignment with the University’s risk appetite.
• Own and govern the cyber security metrics and Key Risk Indicators (KRIs)/Key Control Indicators (KCIs) to measure performance and risk exposure.
• Lead the delivery and management of periodic cyber security metrics reporting.
• Present insights, information, and recommendations to leadership and stakeholders to inform decision-making and support organisational objectives, and present at regular GRC Community of Practice (CoP) and Developer Security CoP meetings to foster collaboration and knowledge sharing across faculties and divisions.
• Update and maintain the cyber security risk register with findings from testing, assessments, and performance metrics, ensuring that risks are tracked and mitigated.
• Act as the primary authority for cyber security assurance in internal and external audit engagements. Facilitate the remediation of audit findings, ensuring that identified risks are mitigated in accordance with agreed timelines and corrective actions are successfully implemented.
• Lead the maturity and management of Cloud Security Posture Management (CSPM) tools, including tuning, ongoing monitoring, and remediation activities, driving enterprise capability uplift and optimisation.
• Manage the delivery of expert-level source code reviews, including the integration of applications and repositories with security scanning tools (such as Checkmarx One) setting standards and assurance requirements across the University.
• Oversee the management of Checkmarx, ensuring the platform is effectively utilised for source code security scanning and application security assurance.
• Oversee crowdsourced security testing / bug bounty programs, ensuring these programs are aligned with security objectives and contribute to continuous improvement in security posture.
• Provide strategic cyber security consulting and advisory services to the Cyber Security Enablement Program and other key initiatives across the University, ensuring alignment with governance and compliance standards.
• Provide mentorship to junior members of the team, providing guidance, support, and professional development opportunities to ensure high performance and continuous growth.

Who you are:

• Extensive senior leadership expertise and supporting experience (7+ years) in cyber security controls assurance, with a proven track record in controls assurance testing, metrics reporting, and audit management.
• Strong experience with cyber security assurance tools such as Checkmarx, Lacework, BugCrowd, and similar platforms.
• Certifications such as CISSP, CISM, CRISC, CEH, or relevant certifications in security assurance and controls testing are highly desirable.
• Demonstrated experience in leading penetration testing, red teaming, application security assessments, and cloud security posture management within complex, large-scale environments
• Strong understanding of cyber security metrics, KRIs/KCIs, and their role in managing and communicating risk.
• Experience in working with risk registers and driving the remediation of risks and audit findings.
• Excellent communication, interpersonal, and leadership skills, with a proven ability to influence and engage stakeholders across all levels.
• Strong project management skills, with the ability to manage multiple initiatives simultaneously while maintaining a focus on quality and timelines.
• High level of motivation, resilience, and the ability to work both independently and as part of a collaborative team.
• Strong analytical and problem-solving skills, with the ability to present complex information clearly and concisely to diverse audiences.
• An understanding of and commitment to UNSW’s aims, objectives and values in action, together with relevant policies and guidelines.
• Knowledge of health & safety (psychosocial and physical) responsibilities and commitment to attending relevant health and safety training.

Benefits and Culture

• Flexible Working Options (work from home, flexible hours etc)
• Career development opportunities
• 17% Superannuation contributions and additional leave loading payments
• Additional 3 days of leave over Christmas period
• Discounts and entitlements (retail, education, fitness)

For further details on the benefits, please visit https://www.jobs.unsw.edu.au/lifestyle-benefits

How to Apply: please apply through the portal, we would like you to submit a full application including resume and addressing the who you are section.

Applications close: Sunday 12th of July at 11.30pm

Pre-Employment Checks
Aligned with UNSW’s focus on cultivating a workplace defined by safety, ethical conduct, and strong integrity preferred candidates will be required to participate in a combination of pre-employment checks relevant to the role they have applied for.

These pre-employment checks may include a combination of some of the following checks:-

• National and International Criminal history checks
• Entitlement to work and ID checks
• Working With Children Checks
• Completion of a Gender-Based Violence Prevention Declaration
• Verification of relevant qualifications
• Verification of relevant professional membership
• Employment history and reference checks
• Financial responsibility assessments/checks.
• Medical Checks and Assessments

Compliance with the necessary combination of these checks is a condition of employment at UNSW.

Get in Touch:

Jen MacLachlan

j.maclachlan@unsw.edu.au

Talent Acquisition Partner – UNSW IT

Please apply through the application portal and not via the contact above.

UNSW is committed to equity diversity and inclusion. Applications from women, people of culturally and linguistically diverse backgrounds, those living with disabilities, members of the LGBTIQ+ community; and people of Aboriginal and Torres Strait Islander descent, are encouraged. UNSW provides workplace adjustments for people with disability, and access to flexible work options for eligible staff. The University reserves the right not to proceed with any appointment.