‹ Back to all jobs

Senior Security ManagerHybrid

LocationMelbourne, VIC
Work TypeFull time
Positions1 Position
Published At:12 days ago
Job no: QBCRJ

About Us

We’re known for being the country’s most popular rewards program with over 9 million active members. And through our extended network of partnerships with other nationally recognised brands, we make every day worth more for our members.

Your Team

We've already built a pretty amazing team, but we're not looking for more of the same. Our day-to-day is made stronger when we surround ourselves with people who are different, like you.

We work really hard to build teams that support each other. It’s the kind of environment you’ll miss while you’re on holidays.

Your Role

As the Senior Security Manager, you will work closely with stakeholders to develop, implement, and manage security capabilities that protect Flybuys’ systems and data.

Your role requires strategic thinking and deep expertise in cybersecurity, with a proven track record in managing complex security initiatives. 

You will directly support the Head of Security on the implementation of the Flybuys Security Program and controls framework, leadership and delivery of key Program initiatives, and assistance with Program reporting.

You will lead the application security team, ensuring the confidentiality, integrity, and availability of Flybuys' information assets. 

The key areas of accountability in the role are:

Leadership and Program Delivery:

  • Fully partake in security team leadership to contribute to a broader capability uplift across the squad, including security operations and engineering.
  • Take ownership to deliver key Security initiatives, including engaging with the team and stakeholders to deliver outcomes that are critical to the success of the Security Program.
  • Act as the second-in-command (2IC) to the Head of Security. Provide leadership and guidance to the cybersecurity team and act as the Head during the absence of the primary leader.
  • Understand and help drive the Security Program, ensuring coverage and alignment of key Program initiatives to Flybuys’ security controls framework. 
  • Establish and maintain a culture of clarity with autonomy allowing team members to feel inspired and supported to reach professional and organisational goals in a sustainable way. 

Application Security:

  • Lead and manage the application security team, including recruitment, training, and performance management, to improve team performance and measure engagement.
  • As Product Manager, define key epics and initiatives required by the Flybuys’ Security Program for the uplift of application security across the Software Development Life Cycle (SDLC).
  • Define security requirements for application development and deployment.
  • Advocate for application security across the organisation as measured by increased security awareness and adherence to security practices.
  • Work with development teams to ensure the efficient management and reporting of vulnerabilities, and the timely remediation of security issues
  • Lead a team that:
  • Conducts and oversees regular security assessments, including code reviews, vulnerability scanning, and penetration testing.
  • Works with the security architects to design and maintain secure application architectures.
  • Promotes and implements secure coding practices among development teams.
  • Provides training and resources to developers on secure coding and application security. 
  • Integrates security tools and processes into the development environment, such as static and dynamic analysis tools. 
  • Creates and maintain guidelines for secure coding practices. 
  • Ensure that all new services, platforms, or releases are delivered with an appropriate level of security assurance to avoid issues that could have been reasonably anticipated.
  • Serve as the primary point of contact for application security matters.

 Stakeholder Management and Executive Reporting:

  • Partner with the relevant Delivery, Data, Product, Finance, IT Operations and other stakeholders. Ensure that a Cybersecurity Program is delivered, with plans and progress well understood by stakeholders.
  • Proactively engage and maintain stakeholder relationships, including managing dependencies such that issues are surfaced before impacting product development progress.
  • Create bi-monthly executive reports on cybersecurity measures and the progress of cybersecurity uplift initiatives to a standard whereby executives remark on the clarity and quality of these reports.
  • Review and recommend improvements to security policies such that these policies are proactively sought-after and willingly used by stakeholders.

Knowledge Sharing and Subject Matter Expertise:

  • Stay aware of changes in the industry or relevant professions, such that colleagues give feedback about what they are learning and are enthused by you.
  • Provide Security-related thought leadership evidenced by the innovations and improvements you bring.

Your Experience

  • Bachelor's degree in Computer Science, Engineering, Science, Information Technology, Information Security or equivalent.
  • Security certifications such as CISSP, CEH, GCIH, OSCP, CRISC, or other relevant security certifications obtained or maintained in the last 3 years.
  • Knowledge of AWS and Azure platforms and security understanding of deploying systems to the cloud.
  • Knowledge of security requirements across the Software Development Lifecycle - ideally including BSIMM
  • Practical working knowledge of security good practices and standards including NIST, OWASP, ISO2700x
  • Understanding of and familiarity with capabilities required by a Security Program, including: familiarity with incident response, technical investigations, SOC SIEM processes and technologies, vulnerability management and penetration testing, threat assessment and attack surface analysis
  • Demonstrated experience operating as part of a technology leadership team and specific expertise in leading and transforming a Cybersecurity function.
  • Demonstrated experience attracting and developing high-performing talent and creating high-performance teams.
  • Demonstrated experience managing and delivering initiatives that deliver excellent outcomes for our customers.
  • Understanding and experience in Agile delivery methodologies and toolsets.
  • The ability to present, influence and collaborate with key executive and senior-level stakeholders.
  • Strong facilitation skills to achieve business outcomes within and external to Technology.
  • Collaborative style, comfortable working in a matrix environment and values working across organisational boundaries.
  • Excellent communication skills, including adjusting communication to suit the intended audience.

Your Benefits!

We offer our valued team members a stack of exclusive benefits! To name a few...

  • Flybuysflex | work from anywhere, measured on outcomes
  • Two well-being days per year!
  • Volunteer leave
  • Ongoing learning & development programs and opportunities
  • My Coles and Wesfarmers team member discount card
  • Be Well Programs – Mind/Body/Soul
  • Quarterly All Team events
  • Hybrid social events
  • New starter kit merchandise 

Your Time to Fly.

We value ways of working that work for everyone and use our different strengths to make us stronger. We work hard to make sure everyone’s voice is heard and respected equally, regardless of identity, background, position, ability or lifestyle.

It is a condition of employment that successful applicants undergo a National Police Check prior to commencing.

  • Published on 06 Oct 2024, 10:14 PM