Head of Cyber, Risk and Service Governance

About us

The Essential Services Commission is Victoria’s independent economic regulator of essential services supplied by a range of industries. The commission’s functions include:

• making regulatory decisions with respect to prescribed industries, including price determinations, licensing, customer protection and access disputes
• undertaking reviews and providing advice to Ministers on a range of economic and regulatory matters
•  administering the Victorian Energy Upgrades program

About the role

The Head of Cyber, Risk and Service Governance provides pragmatic, business aligned leadership for cyber security, technology risk, security governance and service assurance across the commission. The role helps the commission make better security, risk and service decisions by translating business needs, regulatory obligations and technology realities into proportionate controls, practical options and clear accountabilities.

The focus of this role is practical risk reduction, stronger governance and sustainable improvement over time. It requires a leader who can strengthen the control environment, support operational resilience, and help business areas, IT operations and external providers adopt security and service practices that are understandable, workable and effective.

The role operates in an environment with mixed digital maturity and significant business managed technology. It therefore requires a staged and practical approach to uplift, rather than a one size fits all control model. The Head of Cyber, Risk and Service Governance will play an important role in supporting the commission’s broader objective of being a modern, trusted and evidence based regulator by ensuring cyber, information and service risks are managed in ways that protect integrity, trust and continuity of operations.

This role provides an opportunity to apply and extend your expertise, work collaboratively across the organisation, and contribute to outcomes that support fair, reliable and accessible essential services for Victorian consumers.

This is an ongoing position. The work location for this position is 570 Bourke Street, Melbourne, with hybrid work arrangements available.

Key accountabilities

•  Lead the commission’s cyber security, technology risk, security governance and service assurance capability in a way that is aligned to business priorities, risk appetite and the realities of a smaller regulator.
•  Develop and maintain fit for purpose cyber and service governance strategies, roadmaps, policies, standards and control expectations that are proportionate, practical and able to be adopted.
• Work consultatively with business divisions, project teams and IT operations to identify material cyber, privacy, information handling and service risks, and agree workable treatment options.
• Provide clear advice to the CIO, executive leadership and governance forums on cyber risk, service risk, control priorities, regulatory obligations, trade offs and investment decisions.
• Strengthen the commission’s security governance and assurance practices, including Victorian Protective Data Security Framework and Standards obligations, Protective Data Security Plan activities, security risk assessments, attestation readiness, third party security assurance and evidence management.
•  Support stronger service governance practices across IT and business managed technology, including service performance, supplier assurance, incident and problem trends, risk treatment tracking and continuous improvement.

Please refer to the attached position description for the principal functions and key selection criteria.

How to apply

Click the “apply now” button to be redirected to our recruitment platform, where you may need to create an account to submit your application.

All applications should include:

• a resume
•  a cover letter addressing the key selection criteria and highlighting your skills and relevant experience in relation to the role

For further information about the role, please contact David Martin, CIO, at david.martin@esc.vic.gov.au.

Our commitment to fostering a diverse, inclusive and flexible workplace

Be part of a highly respected and professional organisation where you can apply your knowledge while being supported by flexible working arrangements that help you balance work and life. You will work in a dynamic and collaborative environment with opportunities for professional growth.

We are an Equal Employment Opportunity employer with inclusive leaders who are committed to a workplace culture that prioritises equity, safety, respect and flexibility for all staff. We uphold the principles of Aboriginal self determination in caring for our community.

We welcome applicants from a diverse range of backgrounds, including Aboriginal and Torres Strait Islander peoples, people of any age, gender identity, parental or carer status, ability, religion or cultural background.

If you require any adjustments to equitably participate in the recruitment process, or need an alternative format of any application material, please contact people.culture@esc.vic.gov.au for support.

Other relevant information

Applicants must have corresponding work rights for the advertised employment period to be appointed to this role. Ongoing positions are only available to Australian or New Zealand citizens, or Australian permanent residents.

Preferred applicants are required to undergo mandatory pre employment screening, which includes a national criminal history check, right to work verification, qualification checks, a statutory declaration disclosing any previous misconduct investigations, and a declaration of private interests