Work Type: Ongoing - Full-time
Salary: $138,631 - $185,518
Grade: VPS 6
Occupation: IT and telecommunications
Location: Melbourne - CBD and Inner Metro suburbs
Reference: VG/DE/FPIS/1904432
About the Role
The Policy and Compliance Advisor supports the Information Security Branch to maintain strong, enforceable, and fit-for-purpose compliance and contractual governance across both school and corporate environments. The role provides holistic compliance advice across regulatory, policy, contractual, and audit obligations, ensuring clear linkage to the Department of Education's risk appetite and compliance framework. Key deliverables include embedding measurable security and compliance obligations into contracts and service agreements; maintaining robust compliance and obligation registers; supporting audit readiness and attestation activities (e.g., VPDSS, VMIA, ISO 27001); and uplifting security policies, standards, and control sets in response to evolving frameworks such as VPDSS, ISM, ISO 27001 and Essential Eight. Working collaboratively with Legal Services, Procurement, contract managers, and operational and risk teams, the role drives consistent definition, tracking, and assurance of obligations across ISS and service delivery partners, including documented risk acceptance or compliance exemptions and escalation of matters requiring senior decision-making.
Attributes
Demonstrated capability to provide practical, outcomes-focused compliance and policy advice within complex or regulated environments, with strong attention to detail and an ability to interpret obligations and translate them into actionable controls, contract clauses, and operational processes. Proven ability to draft, review, and negotiate contractual compliance requirements that are measurable, enforceable, and aligned to risk posture and governance. Strong capability in control design, operationalisation, and effectiveness testing, including walkthroughs, sampling, evidence review, and ongoing monitoring to support audit readiness and remediation of control gaps. High-level stakeholder engagement and influencing skills, including the ability to work effectively across Legal, Procurement, contract owners, and technical teams, and to communicate complex compliance concepts clearly to non-specialist audiences. Strong analytical and problem-solving skills to identify compliance gaps, assess impacts, recommend proportionate solutions, and provide succinct briefs, reports, and governance inputs that support informed decision-making and accountability.
Desirable Qualifications and Experience
Tertiary qualification in a relevant discipline such as Law, Business, Information Security, Cybersecurity, Risk Management, Governance, or a closely related field, with 5–7+ years' experience in compliance, policy, or contractual advisory roles within large or complex regulated environments (ideally education or government). Strong working knowledge of information security compliance and control frameworks and obligations, including VPDSS, ISM, ISO 27001, Essential Eight, and audit/assurance practices, with demonstrated experience supporting internal and external audits, evidence management, attestation preparation, and remediation. Experience managing compliance and obligation registers, linking obligations to control libraries and risks, and using GRC platforms (e.g., ReadiNow, 6clicks, Archer, ServiceNow or similar) to monitor compliance status and automate reporting. Desirable professional certifications include ISO/IEC 27001 Lead Implementer/Auditor, privacy certification (e.g., CIPP where relevant), and/or security, risk and compliance certifications such as CISSP, CISM, CRISC, Victorian Government cyber/VPDSS-related certifications, Essential Eight maturity training, ISM training, and relevant procurement/contractual governance or supplier risk certifications, including formal training in control design/testing methodologies and audit frameworks.
About the Division
The Information Management and Technology Division (IMTD) is responsible for supporting one of the largest technology networks in Victoria and leading the department's technology, digital capability, business systems and digital transformation. This network consists of Schools, Corporate and Early Childhood Education (ECE) including a school user base of more than 1500 Government schools, 50,000 teachers and 650,000 students.
IMTD applies agile practices with a focus on user experience, security, integration, and designs and delivers solutions on the department's cloud infrastructure services (IaaS), enterprise cloud platforms (PaaS) and software services (SaaS).
About the Department
The department provides a wide range of learning and development support and services.
The department provides policy leadership, plans for the future of education in Victoria and leads key cross-sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.
Further Information
For more details regarding this position, please see the attached position description for the capabilities to address in your application.
The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions, visit the Department website and our Diversity and Inclusion page.
Applicants requiring adjustments can contact the nominated contact person.
Information about the Department of Education's operations and employment conditions can be located at www.education.vic.gov.au.
For further information pertaining to the role, please contact Zeeshan Arshad – Security Risk and Compliance Manager via email [email protected]
Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.
Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g. large print) due to any viewing difficulties or other accessibility requirements.
Applications close 11:59pm on 29 January 2026