Stuck?

Underutilised?

Have the discipline and experience, but no room to be strategic?

Tired of narrow remits, endless layers of sign-off, and not enough say in how things are run?

You’re not alone.

Maybe you’ve been part of a big corporate security team, but you're craving a role where you can touch everything - policy, tooling, frameworks, strategy – not just one tiny piece of the puzzle. You want to broaden your skills.

Or maybe you’re ready to step up. You've been the right-hand in security for a while but haven’t had the autonomy or visibility to really own and lead a domain.

If you're looking for a career-defining role where you can shape an evolving Information Security function, this could be a good role to consider.

What you’ll do:

You’ll report directly to the CIO in a flat, fast-moving and pragmatic environment. With minimal bureaucracy and maximum empowerment, you’ll be the go-to person for all things information security – from policy to posture, tooling and vendor management to board-level reporting.

Your remit includes:

• Leading the development of information security frameworks and policies.
• Uplifting maturity in line with regulatory requirements (e.g. CPS 234, CPS 230).
• Shaping security tooling decisions – leveraging existing MSP tools or introducing better ones.
• Educating the board, engaging with execs, and bringing security into the fold as a business enabler.
• Writing clear, actionable policies (and then making them real); and
• Owning the roadmap and delivering key improvements in tranches, with outcomes that matter

It’s strategic, yes. But also hands-on, ideal for someone who still likes to get into the weeds and drive outcomes, not just hand them off.

What makes this role different?

• Autonomy. No handholding. No unnecessary red tape. Just trust from the CIO and room to lead.
• Impact. You'll shape the future of security, not inherit someone else’s blueprint.
• Balance. A true hybrid model – 50/50 split. You’ll have plenty of time to focus on what’s really important in life.
• Growth. Use this role as a springboard to a bigger leadership role down the track.
• Breadth. You'll get to work across the full spectrum of information security, not just a narrow slice.

Who you’ll do it for:

You’ll be joining a purpose-driven organisation in insurance that’s been supporting the public sector for over 20 years, providing solutions to a specialist member base. It operates as a mutual, owned by its members and reinvesting any surplus back into services that deliver long-term value and impact.

With around 140 employees and a flat, collaborative structure, you’ll get the kind of exposure, autonomy and breadth that’s rare in larger or more hierarchical environments. It’s a place where you can shape your own role, work closely with senior leadership, and contribute to initiatives that genuinely matter to the people and communities the organisation serves.

What you’ll need:

• Experience leading or heavily contributing to infosec strategy and governance.
• Understanding of regulatory frameworks like CPS 234, CPS 230, or NIST CSF
• Strong knowledge of Microsoft Defender, Azure, and modern security tooling.
• Ability to write, explain, and deliver, from board reports to policies.
• A pragmatic, can-do mindset and comfort in rolling up your sleeves in a flat structure.
• Ideally, experience in a regulated industry (insurance, finance, health etc).
• Certifications like CISSP, CISM, or CISA are a big plus.

Next steps:

Your CV may not be up to date, no worries. Just send what you have. Or call Steven on 0418 994 446 for an informal chat, or message me on LinkedIn. Every applicant will receive a response.