Job Details
Cyber Security Manager
Ref:
Brim - Cyber Man
Description:
Osborne Richardson are public sector recruitment specialists with over 30 years’ experience. Our IT Division is headed up by an IT Project Manager with over 20 years’ experience running complex projects, so when you engage with Osborne Richardson, you are working with a recruitment consultancy that has walked the walk.
- To 20th of March 2026 (likely extensions)
- $82/hr incl. Super
- 36 hour week
- Located in Sunshine
The Information Security Manager leads the definition, implementation, and governance of the organisation’s security, risk, and compliance capabilities across Brimbank City Council. The role will lead the establishment, implementation, and maintenance of the appropriate security controls, standards, and risk processes across the organisation.
The position is accountable for the development and implementation of the ICT security practice, capability, and security program, ensuring that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate.
Responsibilities:
Security Management and Operations.
- Lead and manage ICT security including the development of ICT security policies, procedures, processes, and suitable technologies.
- Responsible for the day-to-day management of ICT security, working with other ICT teams to ensure the protection of ICT assets & information as well as the prevention and management of breaches.
- Monitors the external threat environment for emerging threats, conducts system security and vulnerability assessments, and works with stakeholders on the appropriate course of action.
- Manage and contain security incidents and events to protect ICT assets and data. Limit operational impacts including the coordination of incident response plans to ensure that business-critical services are recovered in the event of a security event.
- Lead and conduct investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
- Lead Council’s cyber security operations including threat detection, incident response, vulnerability management, and cyber resilience initiatives.
- Manage external 24X7 MSSP/SOC partners and ensure timely triage, escalation, and remediation of cyber threats.
- Maintain and regularly test the Cyber Incident Response Plan, conducting executive simulations and post-incident reviews.
- Continuously monitor the external threat landscape and apply intelligence to strengthen Council’s cyber posture.
- Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the environment.
- Develops a security vision, strategy and roadmap that is aligned to business priorities and enables and facilitates the business objectives aligned to the risk appetite by determining enterprise-wide security requirements, including new ICT investments required to protect our assets.
- Consult and engage with ICT, business teams and partners as appropriate to ensure that security is factored into the evaluation, selection and implementation of new products and services.
- Manage security projects and provide expert guidance on security matters for other ICT projects.
- Lead the design, implementation, and continuous improvement of the Information Security Management System (ISMS) aligned with ISO 27001 and VPDSF.
- Define and maintain information security policies, standards, and procedures across the organisation.
- Embed security-by-design principles in all technology projects and procurements.
- Oversee information classification, data protection, and privacy integration with relevant legislation.
- Manage third-party and supply chain security assessments and maintain vendor assurance processes.
- Lead ICT risk identification, ICT risk management and appropriate risk mitigation strategies including the reporting of ICT risks and associated information both at an operational and strategic level.
- Works collaboratively with business and ICT stakeholders to understand and facilitate security risk assessments and risk management processes, both to optimise enterprise risk and to empower stakeholders to own and accept the level of risk they deem appropriate for their specific risk appetite.
- Manage audit requirements across ICT, ensuring respective owners are delivering against the audit findings.
- Identifies and tackles compliance requirements and builds awareness of compliance within the organisation. Implements a compliance monitoring programme, including compliance reporting.
- Builds awareness and establishes effective communications, reporting and insights for the proactive management of information security and establishes and implements a targeted security awareness training program for all employees.
- Collaborates with business privacy and data owners to ensure that data privacy requirements are considered where applicable.
- Assists with the identification of non-ICT managed ICT services in use ("distributed ICT") and facilitates the application of standard controls and rigor to these services. Where this is not possible ensures that risk can be reduced to the appropriate levels and ownership of this security risk is clear.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ASD, COBIT and NIST.
- Knowledge of enterprise information and cyber security processes, concepts, and best practices, with an exposure to public cloud models is desirable.
- Exposure to a broad range of ICT functions and disciplines, with a strong working knowledge of ICT governance and/or information governance.
- Demonstrated capability in effective reporting to executive management.
- Regulatory compliance knowledge including PCI, VPDSF as well as knowledge and experience of network and infrastructure security and vulnerabilities.
- Demonstrated technical expertise in ICT security and the application of ICT security measures.
- Experience across other security areas including penetration testing, security architecture or design and security governance including hands-on experience implementing security solutions.
- ICT Risk and/or compliance management experience.
- CISSP/CISM or equivalent certifications preferred.
- Relevant experience in a public sector environment.
- Working knowledge of The Victorian Protective Data Security Framework (VPDSF) and the Information Management Framework for the Victorian Public Sector and the Public Records Office Victoria Specifications and Standards is highly desirable.
Posted:
15 January 2026 at 04:06
