Global Director, Information Security And Data Governance

Movember careers - Melbourne
new offer (05/05/2024)

job description

About Movember

Movember is the leading Men's Health Organisation and Charity changing the face of men's health globally, tackling mental health and suicide prevention, prostate cancer, and testicular cancer. In our mission to stop men dying too young, we're seeking an experienced Global Director, Information Security & Data Governance to join our Movember Tech Team based in Australia.

About the role


The Global Director, Information Security & Data Governance is responsible for implementing and running our enterprise information security program. This will involve identifying, evaluating and reporting on legal & regulatory, IT and cybersecurity risks, while supporting and advancing Movember's strategic objectives.

A key element of the Director's role is working with executive management to determine acceptable levels of risk for the organisation. They will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. The Director should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the board of directors and other senior stakeholders.

Some responsibilities will be:

  • Leads the information security function across the company.
  • Determines the information security approach and operating model in consultation with stakeholders.
  • Provides regular reporting on the current status of the information security program to senior business leaders and the board of directors.
  • Facilitates an information security governance structure through the implementation of a governance program, including the formation of an information security steering committee.
  • Deploys and operationalises a data governance framework across Movember global divisions.
  • Develops, socialises and coordinates approval and implementation of security policies.
  • Works with the vendors to ensure that information security requirements are included in contracts.
  • Develops an information security vision and strategy that is aligned to Movember's priorities.
  • Develops, implements and monitors a strategic, comprehensive information security program including Data Governance to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by Movember.
  • Develops and enhances an up-to-date information security management framework based on the following: International Organization for Standardization (ISO) 27001 and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  • Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
  • Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas.

For this role, you'll need:

  • Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
  • Up-to-date knowledge of methodologies and trends in both business and IT
  • Project management skills: financial/budget management, scheduling and resource management

Bonus points for:

  • The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
  • Experience with contract and vendor negotiations.

Our employee benefits include:

  • Flexible hybrid working from home and our modern Richmond office
  • Finish work at 2pm on Fridays (Dec-Aug)
  • NFP salary packaging (pay less tax)
  • 13 weeks paid parental leave and 5 weeks annual leave
  • Fun & collaborative culture with employee social events
  • Free Headspace subscription and other wellbeing initiatives
  • Relaxed dress code

Does this role sound up your alley?
If so, we'd love to hear from you. Click 'Apply' to send through your application.
