Principal Cyber Security Advisor at UNSW

Sydney, New South Wales, Australia -

Full Time

Start Date

Immediate

Expiry Date

11 Aug, 26

Salary

0.0

Posted On

13 May, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cyber Security GRC, Risk Assessment, Third-Party Risk Management, Governance Frameworks, Stakeholder Management, Penetration Testing Oversight, Cloud Security, Compliance Management, Strategic Advisory, Policy Development, Vendor Risk Management, Analytical Problem Solving, Negotiation, Communication, Risk Mitigation, Security Assurance

Industry

Higher Education

Description

* Full time continuing role within UNSW IT, as a Principal Cyber Security Advisor * Exceptional salary package available * Kensington, Sydney location, 2-3 days in the office, Hybrid working available About UNSW: UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community; a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. It’s the reason we’re one of the top 20 universities in the world (QS top 20) and a member of Australia’s prestigious Group of Eight. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place. The Principal Cyber Security Advisor is a senior subject matter expert within the Cyber Security governance, risk, and compliance (GRC) function, responsible for leading cyber security risk advisory engagements across the University including high-visibility, and strategic initiatives with enterprise-wide impact. This role provides authoritative, university-wide cyber security GRC expertise to support enterprise initiatives, emerging technologies, digital transformation programs, and cross-functional platforms. The Principal Cyber Security Advisor ensures risk is assessed proportionately, governance guardrails are clearly defined, and decision-making is supported through high-quality, structured, and strategic advice aligned to university policies, standards, and risk appetite and broader institutional governance frameworks. The Principal Cyber Security Advisor reports to the Cyber Security Advisory Manager and has no direct reports but exercises significant strategic influence across faculties, divisions, and senior stakeholder groups. Specific accountabilities for this role include: * Lead and deliver cyber security risk assessments and advisory services across the university including strategic initiatives, emerging technologies, enterprise platforms, and cross-functional programs with institutional significance. * Provide senior oversight of third-party and supply chain risk assessments, including SaaS and vendor engagements, ensuring material risks are appropriately identified, challenged, and managed in alignment with enterprise risk and procurement frameworks. * Oversee the integrity and quality of cyber risk register inputs arising from projects, penetration testing, exemptions, and significant changes, ensuring risks are accurately articulated, consistently rated, and aligned to the Risk Management Standard and enterprise risk governance processes. * Provide leadership in the communication and socialisation of material risks to senior stakeholders including executive forums where appropriate, ensuring ownership is clearly defined and risk treatments and policy compliance obligations are understood and actioned prior to production deployment or business change. * Guide and influence senior University stakeholders in the practical and proportionate application of cyber security and risk management principles, strategies, and industry standards, enabling strategic risk-informed decision-making across major institutional initiatives. * Ensure instances of non-compliance, control weakness, or risk exposure beyond appetite are appropriately documented, transparently reported, and effectively escalated to senior leadership and governance forums with clear remediation pathways. * Provide strategic oversight of penetration testing assurance activities, including scope validation for critical systems, review of complex test findings, risk contextualisation, and endorsement of remediation and re-testing strategies for systems of institutional criticality. * Review and provide senior advisory input on complex or high-risk exemption requests, ensuring risk acceptance decisions are formally documented, justified, time-bound, and aligned to governance expectations. * Continually stay up to date and aware of legal, regulatory compliance and contractual obligations that are relevant to the University’s management of cyber security risk and advise leadership on implications for institutional policy and practice. * Promote awareness of the University’s internal and external environment for emerging cyber security threats and their potential impact on the institution. * Build effective working relationship with internal and external stakeholders influencing outcomes and partnering to design pragmatic, secure, and innovative solutions that balance business enablement with risk management across faculties, divisions, and enterprise services. * Promote a culture of continuous improvement within Cyber GRC Advisory by uplifting professional standards, strengthening methodologies, embedding consistency in assessment practices, and fostering innovation in governance approaches and tools. Who you are: * Minimum 8–10 years’ experience in cyber security governance, risk, and advisory roles within large, complex organisations (higher education, government, consulting, or regulated industries preferred), including experience advising senior leaders on enterprise cyber risk. * A relevant Degree with extensive experience in cyber security governance, compliance, risk management or cyber security operations within major organisations or an equivalent level of knowledge gained through any other combination of education, training, and experience. * Strong cyber security GRC fundamentals and strong knowledge of cyber security principles and practices. and their application within complex enterprise governance environments. * Strong expertise in cyber security governance frameworks and standards such as ISO 27001, NIST 800-53, CSA, Essential 8, PCI DSS, COBIT 5, Mitre ATT&CK etc and the ability to apply these frameworks in large organisational contexts. * Relevant industry certification(s) such as CISSP (Ideal), CEH, CISM, CRISC, GSEC, AWS Security Speciality, Microsoft Azure (highly desirable). * Excellent understanding of current security technologies, products, and services, including native cloud security controls in AWS and Azure. * Strong interpersonal, communication and negotiation skills including ability to develop effective relationships and influence key stakeholders at all levels in the organisation. * Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills to support executive decision making. * Demonstrated high level of personal motivation, resilience, and ability to work effectively individually or in teams. * An understanding of and commitment to UNSW’s aims, objectives and values in action, together with relevant policies and guidelines. * Knowledge of health & safety (psychosocial and physical) responsibilities and commitment to attending relevant health and safety training Benefits and Culture * Flexible Working Options (work from home, flexible hours etc) * Career development opportunities * 17% Superannuation contributions and additional leave loading payments * Additional 3 days of leave over Christmas period * Discounts and entitlements (retail, education, fitness) For further details on the benefits, please visit https://www.jobs.unsw.edu.au/lifestyle-benefits [https://www.jobs.unsw.edu.au/lifestyle-benefits] How to Apply: please apply through the portal, we would like you to submit a full application including resume and addressing the who you are section. Applications close: Tuesday 26th of May at 11.30pm Pre-Employment Checks Aligned with UNSW’s focus on cultivating a workplace defined by safety, ethical conduct, and strong integrity preferred candidates will be required to participate in a combination of pre-employment checks relevant to the role they have applied for. These pre-employment checks may include a combination of some of the following checks:- * National and International Criminal history checks * Entitlement to work and ID checks * Working With Children Checks * Completion of a Gender-Based Violence Prevention Declaration * Verification of relevant qualifications * Verification of relevant professional membership * Employment history and reference checks * Financial responsibility assessments/checks. * Medical Checks and Assessments Compliance with the necessary combination of these checks is a condition of employment at UNSW. Get in Touch: Jen MacLachlan j.maclachlan@unsw.edu.au Talent Acquisition Partner – UNSW IT Please apply through the application portal and not via the contact above. UNSW is committed to equity diversity and inclusion. Applications from women, people of culturally and linguistically diverse backgrounds, those living with disabilities, members of the LGBTIQ+ community; and people of Aboriginal and Torres Strait Islander descent, are encouraged. UNSW provides workplace adjustments for people with disability, and access to flexible work options for eligible staff. The University reserves the right not to proceed with any appointment.

Responsibilities

Lead cyber security risk advisory engagements and GRC functions to support strategic initiatives and digital transformation across the university. Provide authoritative guidance on risk assessments, governance guardrails, and third-party supply chain risks to ensure alignment with institutional policies.