Job Description

The Senior Security Risk Advisor provides expert leadership in identifying, assessing, and managing technology and information security risks across the Information Security Services (ISS) branch. Working with a high degree of autonomy, the role aligns risk governance and delivery with recognised frameworks (including ISO 31000, VPDSS, VMIA, ISO 27001, NIST, SOC 2 and COBIT).

Key outcomes include maintaining a structured risk hierarchy across enterprise-to-branch levels; facilitating technical risk assessments and treatment planning; strengthening control maturity and traceability via a security control library; and delivering actionable risk reporting, dashboards, KRIs and KPIs for executives and governance forums. The role also contributes to the design and uplift of key risk procedures such as risk acceptance, exemptions and escalation, and promotes modern, data-driven risk oversight through digital GRC tooling.

Attributes

Demonstrated capability to operate independently and provide pragmatic, risk-based advisory support in complex technology and cyber environments. Strong stakeholder engagement and influencing skills, including advising senior leaders and governance forums. Proven facilitation skills for technical risk assessment workshops and embedding risk practices across projects, programs, and operational teams. High analytical capability to evaluate mitigations and compensating controls, monitor residual risk and control maturity, and drive timely closure of treatments through structured follow-ups. Ability to translate technical findings across cloud, identity and access management, application security (including OWASP), vulnerabilities, and security operations into clear business impacts and decision options for non-technical stakeholders. Strong written communication skills, including executive briefings, risk papers, and high-quality dashboards and reporting packs. Continuous improvement mindset with experience improving data quality, automation, and scalable risk governance processes.

Desirable Qualifications and Experience

Tertiary qualification (bachelor's degree or diploma) in Cyber Security, Information Technology, Risk Management, or a related discipline. Preferably 5-7+ years' experience leading technology and cyber risk management in complex environments. Strong working knowledge and practical application of VPDSS, ISO 31000, ISO 27001, NIST/ISM, COBIT, SOC 2 and VMIA-aligned governance and assurance expectations, including risk tiering, treatment strategies, and control validation approaches. Experience across security operational and technical domains, including familiarity with SIEM (e.g., Splunk), EDR, SOC/MDR operations, and vulnerability management, with an understanding of secure architecture and threat modelling. Experience implementing or enhancing GRC platforms and digital risk oversight tooling (e.g., ServiceNow, ReadiNow, 6clicks), including delivery of executive-level risk reporting and dashboards. Desirable industry certifications include CISSP, CISM, CRISC and/or ISO 27001 Lead Implementer/Auditor, alongside formal training in risk and governance frameworks (e.g., ISO 31000, COBIT, NIST, SOC 2).

About the Division

The Information Management and Technology Division (IMTD) is responsible for supporting one of the largest technology networks in Victoria and leading the department's technology, digital capability, business systems and digital transformation. This network consists of Schools, Corporate and Early Childhood Education (ECE) including a school user base of more than 1500 Government schools, 50,000 teachers and 650,000 students.

IMTD applies agile practices with a focus on user experience, security, integration, and designs and delivers solutions on the department's cloud infrastructure services (IaaS), enterprise cloud platforms (PaaS) and software services (SaaS).

About the Department

The department provides a wide range of learning and development support and services.

The department provides policy leadership, plans for the future of education in Victoria and leads key cross-sector collaboration. The department plays an important system steward role by providing support, guidance, oversight and assurance across early childhood and school education systems, as well as directly providing school education and 50 new early learning centres.

Further Information

For more details regarding this position, please see the attached position description for the capabilities to address in your application.

The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions visit the Department website and our Diversity and Inclusion page.

Applicants requiring adjustments can contact the nominated contact person.

Information about the Department of Education's operations and employment conditions can be located at

Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.

Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g. large print) due to any viewing difficulties or other accessibility requirements.

Applications close 11:59pm on Sunday 1st February 2026

Education & Training More than 10,000 employees

The Department of Education is responsible for delivering the Victorian government’s commitment to making Victoria the Education State, where all Victorians have the best learning and development experience, regardless of their background, postcode or circumstances. Education remains a cornerstone for ensuring all Victorians have the skills and knowledge they need to actively participate in and contribute to our rapidly‑changing economy and society.

The department delivers and regulates statewide learning and development services across the early childhood and school sectors.
