About us

Suburban Rail Loop (SRL) is an integrated transport infrastructure and precincts planning project that will deliver a 90km rail line linking every major train service from the Frankston Line to the Werribee Line via Melbourne Airport, as well as investment in the suburbs, better connecting Victorians to jobs, retail, education, health services and each other. Suburban Rail Loop Authority (SRLA) is the statutory body established to plan all elements of the project, procure builders, develop structure planning for SRL Precincts and oversee construction and the other changes that will help transform Melbourne and Victoria.

SRL is more than a rail project. It's a once-in-a-generation opportunity to plan for and prepare our city and state to meet the needs of future Victorians, and we can't do it alone. We are on the lookout for people with drive, expertise, fresh ideas and new perspectives to deliver Victoria's biggest ever infrastructure project. You will be part of history in the making, and while we're at it, we will be shaping your future too.

About the opportunity

We’re building the biggest infrastructure project in Victoria’s history, and we need someone to protect it from the digital dark arts.

As Manager, Information Security and Risk, you’ll play a vital role in safeguarding the digital backbone of the SRL project. Your work will span across the business. You’ll utilise your expertise to advise on security matters and engage diverse stakeholders to delivery key projects. You’ll have a VPS Grade 6 Information Security Specialist and a VPS Grade 5 Cyber Security Analyst reporting to you.

Reporting to the Chief Digital and Data Officer, your key responsibilities will include:

Leading the ongoing development and implementation of the cyber security program and roadmap

Building relationships and managing communication with stakeholders to ensure that business is informed when planning new business projects

Providing advice regarding cyber security in procurement and contract management activities, through the assessment of security checklists, certifications and security assurance reports

Coordinating and overseeing response to cyber security incidents

Reporting on cyber security matters to the Chief Digital and Data Officer, management, executives and board, including the organisation’s security risk profile, the status of enterprise and business systems and any outstanding security risks, planned cyber security uplift activities, and recent cyber security incidents

Creating and delivering cyber security awareness training programs

Developing and implementing standards and guidelines in compliance with the Victorian Protective Data Security Standards (VPDSS)

Managing the combined Information and ICT security register and utilising the Victorian Protective Data Security Framework (VPDSF) to achieve VPDSF attestation and meet its goals for cyber risk

Chairing the internal Security Working Group

Advising on appropriate governance and management practices for security controls and risks, as part of formal or informal advisory agreements

Contributing to business continuity and disaster recovery planning to improve business resilience and ensure the continued operation of business-critical processes

This is a permanent, full-time role. You will work in a hybrid work model with access to a range of flexible working arrangements.

For more information, please refer to the position description.

About you

Deep understanding of cyber policy, risk and governance formulation and management

Extensive experience of cyber security risk mitigation strategies and cyber assurance frameworks

Experience engaging in security architecture discussions, decisions and implementation of cyber security controls

Ability to think at a big-picture level as a technical expert, entertain wide-ranging possibilities in developing a roadmap to the organisation’s cyber maturity, work across several timeframes and translate strategic direction into day-to-day activities

Ability to draw on a range of cyber security information sources to identify innovative ways of achieving organisational maturity in the cyber security space, actively influencing and promoting ideas, and translating cyber security innovations into workplace improvements

Ability to formulate and communicate cyber security policies and recommendations, and demonstrate and understand major legislation on information security and privacy related to the Australian Privacy Act, VPDSS or similar

Ability to convey cyber security initiatives in a clear and interesting way and prepare reports and briefs for the Executive and Board

Ability to deliver logical and engaging training to all levels of the organisation to educate and ensure the cyber integrity of the organisation is upheld

CISM, CISSP, CRISC or CISA certification (desirable)

Experience and understanding of IT security policy and standards (desirable)

Why join us

The opportunity to contribute to a groundbreaking public transport initiative

A collaborative, multidisciplinary work environment with experts from various fields

Career growth opportunities within a highly respected authority

Generous leave entitlements

An emphasis on work-life balance

High-performing team environment

Equal opportunity employer

Personal and professional development opportunities

Committed to safety and wellbeing

Training and development opportunities

Our People Strategy and Gender Equality Action Plan are designed to enhance diversity in our workplace through targeted attraction strategies. If you have any questions related to recruitment, please feel free to reach out to the recruitment adviser or hiring manager mentioned in the position description.

For individuals with disabilities requiring adjustments during the recruitment process, our Inclusion team is here to provide support. The inclusion mailbox ([email protected]) is specifically for those seeking further information about targeted recruitment strategies and for individuals with disabilities requiring adjustments. Please contact us, and we will ensure your needs are met during the application and recruitment process.

SRLA is committed to providing a working environment which is safe and without risk to the health of its employees and partners consistent with its obligations under the Occupational Health and Safety Act 2004 (OH&S Act). To support this, SRLA recommends that all employees be fully vaccinated.

How to apply

Please click Apply Now to submit your application online. Please include a resume. We want to know why you want to work for the Suburban Rail Loop Authority, why you are interested in the role, and taking into account the key selection criteria as a whole, how your skills, knowledge, experience and qualifications are applicable to the role.

Please note that appointment of successful applicants will be made subject to a satisfactory pre-employment screening check.

Applications close Australian Eastern Standard Time 11:59pm Wednesday 21 May 2025