• Unique and dynamic environment
• Exciting time of growth
• Sydney CBD location with consideration for remote work

• Lead cyber intelligence-led Red-Team exercises, providing the Council of Financial Regulators (CFR) with expertise and reporting on financial institutions' cyber resilience.
  • Oversee exercises and serve as the interface to participating companies involved.
  • Support participating companies throughout the entire duration of an exercise.
  • Support program leads / colleagues as required and jointly oversee the exercise.
• Contribute to the strategic control and management of the CORIE program and guiding framework.
• Participate in internal and external program management groups.
• Perform thematic analysis of cyber assessments and present results.
• Contribute to embed cyber resilience within the CFR's broader operational resilience approach and frameworks.
• Stay informed on the evolving regulatory landscape and emerging operational resilience challenges facing Australia’s financial sector, with a focus on cyber resilience.
• Contribute actively to the development of new cyber tools and practices to maintain their relevance for the CORIE program and framework.
• Contribute the preparation, submission and presentation of reports related to the progress of cyber resilience assessments, as required.
• Draft papers for regulatory groups on cyber resilience trends and changes.
• Help to maintain effective working relationships with government agencies including APRA, ASIC, ACSC, Home Affairs, and other organisations.
• Help to develop and maintain effective relationships with industry service providers, supporting the growth of resource availability and capability in country.
• Contribute to thought leadership on cyber matters including leading activities to upskill colleagues and peers and efforts of the Australian regulators to maintain and enhance the cyber supervisory approach.
• Help to develop and maintain effective working relationships with peers in overseas central banks and industry governing organisations.
• Represent the RBA/CFR in industry forums, working groups, and external engagements to share insights and contribute to the advancement of cyber resilience regulatory initiatives.

• Significant experience of delivering cyber risk and resilience reviews and assessments, including scenario-based testing in the context of intelligence-led Red-Teaming or penetration testing, threat modelling or simulation exercises.
• Knowledge of cyber threat landscape and technology trends.
• A broad understanding of general cybersecurity and information technology topics and principles relevant to a modern enterprise environment.
• Knowledge of relevant cyber security standards, best practice, and guidelines.
• Excellent project management skills (planning, resource management, risk management) including delivery of complex projects.
• Demonstrated ability to collaborate on work to produce the best outcomes for stakeholders.
• Excellent analytical and problem-solving skills able to turn analysis into relevant output.
• Ability to provide subject matter expertise confidently using appropriate judgement.
• Proven business partnering experience.
• Excellent communication skills, both verbal and written, with the ability to draft and present briefings for senior stakeholders and to present clear conclusions and recommendations.
• Be a highly motivated and pragmatic thinker, capable to challenge confidently in new environments.

• At least 2 years dedicated technical or non-technical experience in a Cyber Threat Intelligence, Red-Teaming or cyber regulatory role.
• Alternatively, 3 years’ experience in other IT Security functions, or project/program/risk management.
• Bachelor's degree in a relevant field, Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM), and/or equivalent practical experience.
• Operational knowledge of CORIE or another similar framework.
• Understanding and knowledge of cyber and/or information security related regulations, guidelines, and standards particularly in relation to the Australian financial industry (e.g. CORIE, CPS234) and the international regulatory landscape (e.g. TIBER-EU, EU DORA, CBEST).
• Experience with finance sector service providers.

September 15, 2024