Cyber Security Manager – Hybrid, Melbourne

About the role

We are a leading national professional services firm seeking a Cybersecurity Manager to lead our cyber function, strategy and maturity uplift. This hybrid role based in Melbourne works closely with the CIO and spans governance, technology risk, vendor management, awareness and incident response.

Key responsibilities

• Develop and execute the cybersecurity strategy, roadmap and maturity uplift program.
• Own cyber governance, technology risk management, security policies, control frameworks, reporting and the IT risk register.
• Drive ISO 27001 readiness, client cyber assessments, third‑party risk reviews and security input into tenders.
• Manage external security providers for SOC, SIEM, incident response, vulnerability management and cyber operations.
• Provide practical cyber guidance to infrastructure, engineering, application development and business stakeholders.
• Lead cyber awareness programmes, phishing testing, incident response planning and key improvement initiatives.

Required profile

• Strong GRC, technology risk and cyber governance experience, preferably in a senior cyber leadership role.
• Hands‑on exposure to ISO 27001, NIST, Essential 8 or similar frameworks with a track record of lifting cyber maturity.
• Commercial risk mindset and ability to translate standards into business‑aligned recommendations.
• Excellent stakeholder management and influencing skills, especially with technical teams without direct reports.
• Experience managing vendors, cyber uplift projects, assessments, incident response or awareness programmes.

Required skills

• Microsoft security technologies
• Vulnerability management tools
• Security operations tooling (SOC, SIEM)

What we offer

• Hybrid work model – three days in the Melbourne office.
• Salary $200k inclusive of superannuation.
• Opportunity to shape the cyber function and progress towards a CISO role.