Cyber Resilience Team Lead
Acknowledgement of Country
CSIRO acknowledges the Traditional Owners of the land, sea and waters, of the area that we live and work on across Australia. We acknowledge their continuing connection to their culture and pay our respects to their Elders past and present. View our vision towards reconciliation
Child safety
CSIRO is committed to the safety and wellbeing of all children and young people involved in our activities and programs. View our Child Safe Policy.
The opportunity
- Lead CSIRO’s cyber security resilience across the organisation, including support to key projects
- Drive priorities, manage resources, & deliver high-quality outcomes
- Embed secure-by-design practices with enterprise-wide impact
CSIRO is seeking an experienced leader to manage its Cyber Security Resilience team. This team plays a vital role in ensuring that CSIRO’s services are secure-by-design and aligned with acceptable risk levels. Working across the entire organisation and a range of strategic projects, the team delivers cyber security engineering and assurance artefacts, identifies risks, and provides recommendations to support informed decision-making.
The successful candidate will be responsible for leading the team’s delivery of security resilience activities in line with business impact levels, managing complex workloads and resources, and ensuring high-quality outputs. The role also involves close collaboration with peers in Cyber Operations, and IM&T to embed standard security processes and ensure ongoing assurance of systems and applications throughout their lifecycle, in line with organisational risk appetite and stakeholder expectations.
Your duties will include:
- Maintain and establish collaborative and productive relationships with CSIRO operational and research stakeholders to maintain secure delivery of business goals within CSIRO organisational risk appetite.
- Maintain and establish collaborative and productive relationships with project stakeholders to enable secure delivery of business goals within CSIRO organisational risk appetite.
- Take ownership of technical assurance capabilities such as vulnerability management, penetration testing with a view to optimise and mature these capabilities.
- Lead CSIRO’s supplier cyber risk assurance capabilities to ensure CSIRO suppliers and third-parties risks remain within acceptable levels.
- Take ownership of cyber awareness capabilities of the organisation by developing and implementing a longitudinal, multi-faceted cyber awareness program.
- Be responsible for running and improving CSIRO’s cyber architecture capabilities.
- Review and approve cyber security resilience activity artefacts produced by the team prior to release and escalate any significant risks to the Chief Information Security Officer in partnership with key stakeholders.
- Manage cyber security related tickets/requests and reporting, budget planning and forecasting, and delivery of security engineering and assurance activities.
Location: Open to be based from Sydney (Lindfield), Melbourne (Clayton), Canberra (Black Mountain), Brisbane (St Lucia), Hobart (Sandy Bay), Adelaide (Waite)
Salary: AU$131,113 - AU$153,639 plus up to 15.4% superannuation
Tenure: Indefinite
Reference: 100266
To be considered you will need:
- Tertiary and/or industry qualifications in cyber security, IT or equivalent discipline.
- At least two (2) years managing a cyber security team in an operational or assurance capacity, or at least five (5) years managing an IT team.
- Demonstrated experience with leading the design, engineering and architecture of cyber security controls and application of cyber security assurance capabilities or resources
- Demonstrated experience in the application of cyber security and/or information security principles, and best practices.
- Demonstrated experience in identifying, evaluating, and mitigating risks within an Enterprise environment.
- Demonstrated experience in managing a technology service/ area or technically leading/designing an enterprise solution.
- Demonstrated knowledge of enterprise and solution architecture, business analysis and requirements development, vulnerability scanning, penetration testing, threat/risk/gap assessments, compliance audits, and code analysis.
- Proven track record of effective ticket or request management providing advice to end users and stakeholders as well as issue/problem resolution.
- Demonstrated ability to communicate, collaborate and work effectively across organisational boundaries and levels with initiative and autonomy.
- Demonstrated ability to coordinate and manage competing priorities including engagement across multiple IMT strategic projects, day to day operational service delivery, reporting, capacity management, budget management, team management, and project management.
- Demonstrated ability and willingness to contribute novel ideas and approaches in support of scientific research and keeping the organisation cyber safe.
Desirable: - Experience in supporting multiple complex projects.
- Experience with the Protective Security Policy Framework (PSPF).
- Experience with Australian Cyber Security Centre (ACSC) security guidance, NIST SP guidelines, and Centre of Internet Security (CIS) benchmarks.
- Good understanding of shared responsibility model in the cloud and/or on-premises.
- Familiarity with Australian legislation including (but not limited to) the Privacy Act 1988 (Cth) and the Archives Act 1983 (Cth); and
- Relevant security industry certifications from certification bodies such as ISACA, ISC2, SANS, PECB, SABSA Institute, The Open Group etc.
For full details about this role please review the Position Description
Eligibility
This is a security assessed position, applicants must be an Australian citizen, with successful candidate either holding or having the ability to obtain a Negative Vetting 1 Australian Government security clearance. Appointment to this role is subject to provision of a national police check and may be subject to other security/medical/character requirements.
Flexible working arrangements
We work flexibly at CSIRO, offering a range of options for how, when and where you work.
Diversity and inclusion
We are working hard to recruit people representing the diversity across our society, and ensure that all our people feel supported to do their best work and feel empowered to let their ideas flourish.
About CSIRO
At CSIRO Australia's national science agency, we solve the greatest challenges through innovative science and technology. We put the safety and wellbeing of our people above all else and earn trust everywhere because we only deal in facts. We collaborate widely and generously and deliver solutions with real impact.
CSIRO is committed to values-based leadership to inspire performance and unlock the potential of our people.
Join us and start creating tomorrow today!
How to apply
Please apply on-line and provide a cover letter and CV that best demonstrate your motivation and ability to meet the requirements of this role.
Applications close
13 July 2025, 11:00pm AEST
Acknowledgement of Country
CSIRO acknowledges the Traditional Owners of the land, sea and waters, of the area that we live and work on across Australia. We acknowledge their continuing connection to their culture and pay our respects to their Elders past and present. View our vision towards reconciliation
Child safety
CSIRO is committed to the safety and wellbeing of all children and young people involved in our activities and programs. View our Child Safe Policy.
The opportunity
- Lead CSIRO’s cyber security resilience across the organisation, including support to key projects
- Drive priorities, manage resources, & deliver high-quality outcomes
- Embed secure-by-design practices with enterprise-wide impact
CSIRO is seeking an experienced leader to manage its Cyber Security Resilience team. This team plays a vital role in ensuring that CSIRO’s services are secure-by-design and aligned with acceptable risk levels. Working across the entire organisation and a range of strategic projects, the team delivers cyber security engineering and assurance artefacts, identifies risks, and provides recommendations to support informed decision-making.
The successful candidate will be responsible for leading the team’s delivery of security resilience activities in line with business impact levels, managing complex workloads and resources, and ensuring high-quality outputs. The role also involves close collaboration with peers in Cyber Operations, and IM&T to embed standard security processes and ensure ongoing assurance of systems and applications throughout their lifecycle, in line with organisational risk appetite and stakeholder expectations.
Your duties will include:
- Maintain and establish collaborative and productive relationships with CSIRO operational and research stakeholders to maintain secure delivery of business goals within CSIRO organisational risk appetite.
- Maintain and establish collaborative and productive relationships with project stakeholders to enable secure delivery of business goals within CSIRO organisational risk appetite.
- Take ownership of technical assurance capabilities such as vulnerability management, penetration testing with a view to optimise and mature these capabilities.
- Lead CSIRO’s supplier cyber risk assurance capabilities to ensure CSIRO suppliers and third-parties risks remain within acceptable levels.
- Take ownership of cyber awareness capabilities of the organisation by developing and implementing a longitudinal, multi-faceted cyber awareness program.
- Be responsible for running and improving CSIRO’s cyber architecture capabilities.
- Review and approve cyber security resilience activity artefacts produced by the team prior to release and escalate any significant risks to the Chief Information Security Officer in partnership with key stakeholders.
- Manage cyber security related tickets/requests and reporting, budget planning and forecasting, and delivery of security engineering and assurance activities.
Location: Open to be based from Sydney (Lindfield), Melbourne (Clayton), Canberra (Black Mountain), Brisbane (St Lucia), Hobart (Sandy Bay), Adelaide (Waite)
Salary: AU$131,113 - AU$153,639 plus up to 15.4% superannuation
Tenure: Indefinite
Reference: 100266
To be considered you will need:
- Tertiary and/or industry qualifications in cyber security, IT or equivalent discipline.
- At least two (2) years managing a cyber security team in an operational or assurance capacity, or at least five (5) years managing an IT team.
- Demonstrated experience with leading the design, engineering and architecture of cyber security controls and application of cyber security assurance capabilities or resources
- Demonstrated experience in the application of cyber security and/or information security principles, and best practices.
- Demonstrated experience in identifying, evaluating, and mitigating risks within an Enterprise environment.
- Demonstrated experience in managing a technology service/ area or technically leading/designing an enterprise solution.
- Demonstrated knowledge of enterprise and solution architecture, business analysis and requirements development, vulnerability scanning, penetration testing, threat/risk/gap assessments, compliance audits, and code analysis.
- Proven track record of effective ticket or request management providing advice to end users and stakeholders as well as issue/problem resolution.
- Demonstrated ability to communicate, collaborate and work effectively across organisational boundaries and levels with initiative and autonomy.
- Demonstrated ability to coordinate and manage competing priorities including engagement across multiple IMT strategic projects, day to day operational service delivery, reporting, capacity management, budget management, team management, and project management.
- Demonstrated ability and willingness to contribute novel ideas and approaches in support of scientific research and keeping the organisation cyber safe.
Desirable: - Experience in supporting multiple complex projects.
- Experience with the Protective Security Policy Framework (PSPF).
- Experience with Australian Cyber Security Centre (ACSC) security guidance, NIST SP guidelines, and Centre of Internet Security (CIS) benchmarks.
- Good understanding of shared responsibility model in the cloud and/or on-premises.
- Familiarity with Australian legislation including (but not limited to) the Privacy Act 1988 (Cth) and the Archives Act 1983 (Cth); and
- Relevant security industry certifications from certification bodies such as ISACA, ISC2, SANS, PECB, SABSA Institute, The Open Group etc.
For full details about this role please review the Position Description
Eligibility
This is a security assessed position, applicants must be an Australian citizen, with successful candidate either holding or having the ability to obtain a Negative Vetting 1 Australian Government security clearance. Appointment to this role is subject to provision of a national police check and may be subject to other security/medical/character requirements.
Flexible working arrangements
We work flexibly at CSIRO, offering a range of options for how, when and where you work.
Diversity and inclusion
We are working hard to recruit people representing the diversity across our society, and ensure that all our people feel supported to do their best work and feel empowered to let their ideas flourish.
About CSIRO
At CSIRO Australia's national science agency, we solve the greatest challenges through innovative science and technology. We put the safety and wellbeing of our people above all else and earn trust everywhere because we only deal in facts. We collaborate widely and generously and deliver solutions with real impact.
CSIRO is committed to values-based leadership to inspire performance and unlock the potential of our people.
Join us and start creating tomorrow today!
How to apply
Please apply on-line and provide a cover letter and CV that best demonstrate your motivation and ability to meet the requirements of this role.
Applications close
13 July 2025, 11:00pm AEST
< Back to list