Job Title

Information Security Officer:

Job Description Summary

We are seeking an experienced Client IT Security Manager to lead the ongoing management and enhancement of our Information Security Management System (ISMS) in alignment with ISO 27001, IRAP, and Australian Government security requirements. In this key role, you will oversee audits, risk management, compliance activities, and security governance across our client‑facing environments.

Job Description

Must be an Australian citizen due to account requirements.

Key Responsibilities

ISO 27001 Responsibilities

• Own and maintain the Australia ISMS, including documentation and review schedules.

• Manage ISO 27001 audits and implement corrective actions.

• Lead biannual ISMS management reviews and annual internal audits.

• Oversee quarterly control monitoring and maintain compliance and risk registers.

• Coordinate local vendor risk assessments and ensure alignment with global standards.

• Support incident management, BCP planning, and ISMS testing.

• Conduct regular security and physical checks.

• Oversee data retention and deletion in line with regulations.

• Provide quarterly leadership reports and manage ISMS communications.

• Participate in global policy and standard review.

IRAP Responsibilities

• Define assessment boundaries and scope based on Australian government services.

• Maintain compliance with Authority to Operate (ATO) requirements, assessing risks for any deviations.

• Review documentation and controls per the Australian Government Information Security Manual (ISM).

• Ensure alignment with ASD’s IRAP Common Assessment Framework.

• Develop and update required security artifacts (e.g., System Security Plan, Statement of Applicability, Security Risk Management Plan).

• Oversee technical configuration reviews, evidence collection, and IRAP assessment reporting.

• Document and address residual risks

Additional Responsibilities

• Work with application owners on vulnerability remediation and reporting.

• Manage cyber security incident notification and communication between internal teams and clients.

• Support local IT and service line teams with compliance requirements, client tender submissions, and audit requests.

• Participate in client security audits and support document requests to meet auditor's timeline.

Required Skills & Experience

• Strong knowledge of ISO 27001, IRAP, and Australian Government ISM.

• Experience in risk management, audit coordination, and compliance within multinational or regulated environments.

• Excellent communication, stakeholder management, and leadership.

• Skilled at managing multiple priorities and collaborating across teams.

• Preferred certifications: CISM, CISSP, ISO 27001 Lead Implementer/Auditor.

• Strong team-building and relationship skills, especially during change.

• Ability to align business goals with partners.

• Familiar with risk assessment, IT policies, standards, and training.

• Broad IT expertise (e.g., distributed computing, networks, financial applications, security, business recovery).

• 5–7+ years in IT Risk and/or IT Audit.

If you’re ready to take ownership of a critical security function and work collaboratively across a global organisation, we’d love to hear from you.

As an equal opportunity employer, Cushman & Wakefield encourages Aboriginal and Torres Strait Islander and female candidates to apply. Cushman & Wakefield promotes safety at all times.

INCO: “Cushman & Wakefield”