Security Program Manager

at  VENTORA Group

ABOUT THE ORGANISATION

With some of the most iconic brands in the Australasian and global building industry, VENTORA is proud to have provided products and services to projects around the globe for residential, multi-residential, and commercial markets. Whether it is windows, doors, architectural glass, showers, wardrobes or other building products, our brands are committed to creating a safe and sustainable environment for customers, our 4500 colleagues, and local communities.
Over many decades our brands, including Stegbar, Corinthian Doors, A&L Windows, Trend Windows, Aneeta Windows, Breezway and Regency, along with our architectural glass facilities have been at the forefront of innovation, delivering the latest in technology and design to homeowners across Australia and around the globe.

ABOUT THE OPPORTUNITY

At Ventora, we are committed to protecting our organisation and customers from the ever-evolving landscape of cyber threats. We are passionate about innovation and security, ensuring our systems and data are safeguarded against potential risks. We are currently seeking a skilled and experienced Security Program Manager to caretake for a period of 9-12 months to lead the Cybersecurity team. This role can be located at either of sites in Helensvale QLD, Girraween, NSW or Dandenong South, VIC.
You will collaborate on the priorities with IT Infrastructure, Applications and external SOC provider, overseeing and coordinating security operations across the organisation to ensure our security posture is robust and resilient.

Key responsibilities include:

• develop and implement security policies and procedures
• conduct system tests and oversee vulnerability audits
• test an incident response plan and recovery procedures
• curate information security training and awareness programs
• ensure compliance with the changing laws and applicable regulations
• oversee vendor risk management including the review of vendor contracts
• report to executive management about the status of the information security program, security incidents and progress of the security improvement plan
• keep up to date with the latest intelligence, including hackers’ methodologies, in order to anticipate security breaches

ABOUT YOU

We are seeking an experienced cyber security professional to drive and continuously improve our Information Security program. Along with your previous experience, you will possess excellent analysis, planning, project management and communication skills.

You will have:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Ethical Hacker (CEH), highly desirable
• several years experience in information technology, with a focus on cybersecurity
• experience with network security, incident response, security operations, and security architecture
• strong knowledge of data protection and disaster recovery processes, understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• ability to lead and motivate a team, and work well under pressure
• up-to-date knowledge of the latest security principles, techniques, and protocols
• familiarity with web related technologies and network/web related protocols

• develop and implement security policies and procedures
• conduct system tests and oversee vulnerability audits
• test an incident response plan and recovery procedures
• curate information security training and awareness programs
• ensure compliance with the changing laws and applicable regulations
• oversee vendor risk management including the review of vendor contracts
• report to executive management about the status of the information security program, security incidents and progress of the security improvement plan
• keep up to date with the latest intelligence, including hackers’ methodologies, in order to anticipate security breache