Cyber Risk and Audit Manager
Who is QAL?
Queensland Airports Limited (QAL) is an accomplished airport operator which owns and operates Gold Coast, Townsville, Longreach, and Mount Isa airports – connecting the Gold Coast and northern NSW, along with regional Queensland, to the rest of the country and beyond. We are an Australian-owned company with a vision to engage customers, connect communities and deliver exceptional experiences – and a commitment to delivering for the communities where we operate.
QAL is formally recognised as a ‘Great Place to Work – Certified’ organisation – currently the only airport operator in Australia with this certification. QAL is dedicated to a target of net zero Scope 1 and Scope 2 emissions by 2030. With strong passenger numbers, terminal upgrades underway, and the Gold Coast Airport’s new terminal expansion officially open – there has never been a better time to join QAL.
What you’ll contribute to:
An exciting opportunity has recently become available for an experienced, enthusiastic, and innovative Cyber Risk & Audit Manager Engineer to join the QAL Technology team. Reporting directly to the General Manager of Technology, providing thought leadership in the areas of information security, cyber risk, and technology audit. The role will establish the Cyber Risk & Audit practice and develop the organisation’s information and cyber security strategy. The Cyber Risk & Audit Manager will direct the implementation and monitoring of information security standards and policies in addition the role also provides information security guidance to executive leadership within the organisation by recommending information security investments that mitigate risks, strengthen defences, and reduce vulnerabilities for development, internal and client-facing systems and products.
Rachna is the Cyber Security Analyst and has been a member at QAL for 2.5 years. She shares her unique experience working with QAL below:
The Technology team and all staff at QAL are very friendly and the work environment is happy and healthy, which makes me love working at QAL. From the senior leadership, our team is strongly encouraged to be able to have flexible working arrangements, which is useful to maintain work-life balance. QAL is a great place to work with a diverse and inclusive culture. It gives me a fantastic opportunity to work in an environment to enhance my professional and technical skills. The knowledge I have gained from my studies, at QAL I am able to apply the practices to the real world. QAL also has a good reward and recognition culture – which encourages me to achieve more and more every day.
I joined QAL two and half years ago in a Cyber Graduate role. This was an amazing opportunity to kickstart my career in technology because QAL offered a first-level role which further provided me opportunities to learn, grow and contribute to the business as a Cyber Security Analyst. The technical knowledge and skills I can offer can assist our organisation to achieve and maintain good cyber hygiene practices.
How will you make an impact?
We are looking for a responsible, analytical and committed individual with demonstrated cyber risk and auditing experience. You will pride yourself on delivering excellent technology solutions and an in-depth understanding of cyber technology.
The key accountabilities for the Cyber Risk and Audit Manager role include, but are not limited to:
- Build, motivate and manage information security staff supporting the organisation’s goals
- Lead the process of developing an information security vision for the future, Working across technology and business domains.
- Defining enterprise policy, developing technology architecture, implementing global controls and monitoring/reporting of performance
- Manages audit and regulatory inquiries and external vendor activities to help represent the Company from an information security, recovery, and technology risk perspective
- Develop and maintain strategic relationships with all technology partners to manage technology risk vendor relationships, product selection and negotiation of high-level contracts and consulting agreements to provide services and capabilities for the protection of organisational assets
- Manage the optimisation of the performance of people, including determination of capabilities, integration into teams, allocation of tasks, direction, support, guidance, motivation, and management of performance
- Develop business cases and other financial documents to ensure value for money of solutions
- Possess strong decision-making capabilities, with the proven ability to weigh the relative costs and benefits of potential actions and identify appropriate actions.
- Ensures Cyber outcomes are delivered to ensure regulatory compliance and meets the needs of the business
- Responsible and major contributor to ensuring all technology changes are reviewed and implemented successfully via the Cyber reviews, Governance reviews and the CAB process
- Ensures all Cyber risk, audit, and other reviews are carried out, documented, completed, and adhered to
The successful candidate will have a minimum of 8 years of professional experience in running an information security function, and 10+ years of industry experience including consulting. You will have experience working with national and international regulatory compliance frameworks such as C2MS, ISO, EU DPD, and PCI DSS.
You will have an outcome-focused mindset and a working knowledge of information policy formulation and information security management, business and technology risk and asset risk management, governance formulation and organisational change management, as well as technology policy management and auditing. You must be able to interact positively and build relationships with a broad range of stakeholders to achieve team objectives.
What we offer you?
As a company that has been awarded a Great Place to Work accreditation, this is an opportunity to be part of a progressive organisation and assist in the transformation and growth of the business. We offer a competitive salary and benefits commensurate with skills and experience. Flexible working options are available for all employees. At QAL, we uphold the philosophy that the smooth integration of life and work benefits all. We call it Living Well.
QAL supports an inclusive approach and values diversity within the workplace. We aim to provide opportunities that allow individuals to reach their full potential regardless of their background, gender, age, work status, religious or cultural identity. Aboriginal and Torres Strait Islander peoples are encouraged to apply.
The successful candidate will be required to adhere to QAL’s Drug and Alcohol Management Plan (DAMP, which includes pre-employment Drug and Alcohol Testing, and have the ability to obtain an Aviation Security Identification Card (ASIC).
If you are interested in this role and would like to explore in more detail the key responsibilities, please obtain the role description from the careers page at www.qldairports.com.au.