Cyber Security GRC Team Lead at Racing and Wagering Western Australia
OPW6, , Australia -
Full Time


Start Date

Immediate

Expiry Date

05 Dec, 25

Salary

0.0

Posted On

06 Sep, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Information Technology/IT

Description

ABOUT US

Racing and Wagering Western Australia (RWWA) is at the heart of WA’s racing and wagering industries. As a government trading enterprise, we regulate and develop the State’s racing sector and operate the TAB – a multifaceted wagering business with a presence across more than 300 retail outlets and a growing digital platform.
Our work protects the integrity of racing and wagering, strengthens industry sustainability, and delivers value to the WA community. We are proud to be an organisation driven by our values of Respect, Accountability, Connection, and Excellence.

Responsibilities

ABOUT THE ROLE

We have an exciting opportunity for an experienced Cyber Security GRC Team Lead to join our Technology Division. This is a newly created role, reflecting our commitment to maturing and embedding governance, risk, and compliance practices across the organisation’s cyber security function.
Reporting to the Head of Cyber Security, you will develop and maintain RWWA’s cyber security policies and frameworks, manage cyber risk registers, coordinate audits, and track compliance against regulatory obligations and frameworks such as NIST CSF 2.0 and the WA Government Cyber Security Policy.
This leadership role blends strategic oversight with hands-on coordination, working closely with the Cyber Security Operations and Engineering Team Leads to ensure security controls are governed effectively, risks are understood and addressed, and a strong cyber risk culture is embedded across the organisation.

In this pivotal role, you will:

  • Lead the development, maintenance, and promotion of cyber security policies, standards, and guidelines.
  • Oversee cyber risk management processes, including risk identification, analysis, treatment, and maintenance of the cyber risk register.
  • Manage internal and external audit activities, collect evidence, track remediation, and ensure ongoing compliance with frameworks and regulatory obligations.
  • Establish and manage third-party cyber risk assessment processes in collaboration with Procurement, Legal, and Technology stakeholders.
  • Consolidate and report on cyber performance, risk indicators, and assurance findings for executive and governance audiences.
  • Partner with the Data and Information Governance team to ensure alignment with data classification, retention, and privacy requirements.
  • Foster a culture of learning, accountability, and collaboration.

In this role, you will bring:

  • Demonstrated experience developing and managing policy frameworks aligned to organisational, regulatory, and industry requirements.
  • Proven ability to maintain cyber risk registers, conduct risk assessments, and manage treatment plans effectively.
  • Strong knowledge of NIST CSF 2.0 and the WA Government Cyber Security Policy, with experience in tracking and reporting compliance.
  • Demonstrated experience leading internal and external audits, including evidence collection, control effectiveness reviews, and remediation tracking.
  • Strong capability in assessing vendor and third-party cyber risk, working collaboratively to mitigate exposures.
  • A proven track record of uplifting cyber awareness, influencing behaviours, and embedding security into business decision-making.
  • Demonstrated ability to simplify complex concepts, engage stakeholders at all levels, and present compelling insights to governance forums.
  • Industry experience in cyber security, with the ability to demonstrate leadership and technical depth. A tertiary qualification in information technology or cyber security, and/or relevant professional certifications, will be highly regarded.