Work Type: Ongoing - Full-time
Salary: $113,022 - $136,747
Grade: VPS 5
Occupation: IT and telecommunications
Location: Melbourne - CBD and Inner Metro suburbs
Reference: VG/DE/FPIS/1904441
About the Role
The Senior Security Risk Advisor provides expert leadership in identifying, assessing, and managing technology and information security risks across the Information Security Services (ISS) branch. Working with a high degree of autonomy, the role aligns risk governance and delivery with recognised frameworks (including ISO 31000, VPDSS, VMIA, ISO 27001, NIST, SOC 2 and COBIT).
Key outcomes include maintaining a structured risk hierarchy across enterprise-to-branch levels; facilitating technical risk assessments and treatment planning; strengthening control maturity and traceability via a security control library; and delivering actionable risk reporting, dashboards, KRIs and KPIs for executives and governance forums. The role also contributes to the design and uplift of key risk procedures such as risk acceptance, exemptions and escalation, and promotes modern, data-driven risk oversight through digital GRC tooling.
Attributes
Demonstrated capability to operate independently and provide pragmatic, risk-based advisory support in complex technology and cyber environments. Strong stakeholder engagement and influencing skills, including advising senior leaders and governance forums. Proven facilitation skills for technical risk assessment workshops and embedding risk practices across projects, programs, and operational teams. High analytical capability to evaluate mitigations and compensating controls, monitor residual risk and control maturity, and drive timely closure of treatments through structured follow-ups. Ability to translate technical findings across cloud, identity and access management, application security (including OWASP), vulnerabilities, and security operations into clear business impacts and decision options for non-technical stakeholders. Strong written communication skills, including executive briefings, risk papers, and high-quality dashboards and reporting packs. Continuous improvement mindset with experience improving data quality, automation, and scalable risk governance processes.
Desirable Qualifications and Experience
Tertiary qualification (bachelor's degree or diploma) in Cyber Security, Information Technology, Risk Management, or a related discipline. Preferably 5–7+ years' experience leading technology and cyber risk management in complex environments. Strong working knowledge and practical application of VPDSS, ISO 31000, ISO 27001, NIST/ISM, COBIT, SOC 2 and VMIA-aligned governance and assurance expectations, including risk tiering, treatment strategies, and control validation approaches. Experience across security operational and technical domains, including familiarity with SIEM (e.g., Splunk), EDR, SOC/MDR operations, and vulnerability management, with an understanding of secure architecture and threat modelling. Experience implementing or enhancing GRC platforms and digital risk oversight tooling (e.g., ServiceNow, ReadiNow, 6clicks), including delivery of executive-level risk reporting and dashboards. Desirable industry certifications include CISSP, CISM, CRISC and/or ISO 27001 Lead Implementer/Auditor, alongside formal training in risk and governance frameworks (e.g., ISO 31000, COBIT, NIST, SOC 2).
About the Division
The Information Management and Technology Division (IMTD) is responsible for supporting one of the largest technology networks in Victoria and leading the department's technology, digital capability, business systems and digital transformation. This network consists of Schools, Corporate and Early Childhood Education (ECE) including a school user base of more than 1500 Government schools, 50,000 teachers and 650,000 students.
IMTD applies agile practices with a focus on user experience, security, integration, and designs and delivers solutions on the department's cloud infrastructure services (IaaS), enterprise cloud platforms (PaaS) and software services (SaaS).
About the Department
The department provides a wide range of learning and development support and services.
The department provides policy leadership, plans for the future of education in Victoria and leads key cross-sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.
Further Information
For more details regarding this position please see attached position description for the capabilities to address in application.
The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions visit the Department website and our Diversity and Inclusion page.
Applicants requiring adjustments can contact the nominated contact person.
Information about the Department of Education's operations and employment conditions can be located at www.education.vic.gov.au.
For further information pertaining to the role, please contact Zeeshan Arshad – Security Risk and Compliance Manager via email [email protected]
Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.
Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g. large print) due to any viewing difficulties or other accessibility requirements.
Applications close 11:59pm on Thursday 29 January 2026