Head of Cyber Strategy

The role

As a senior leader in the Non-Financial Risk team, you will work collaboratively to deliver a range of initiatives and activities which drive the transformation of operational resilience across the industries APRA regulates.

The scope of work will include the implementation of strategies and work programs to enable significant uplift in operational resilience practices in APRA’s regulated population particularly across Cyber and Technology risk management and ensuring APRA’s supervision activities are effective and appropriately targeted and delivered efficiently.

Each day is different, and our team plays a critical role in ensuring that risks are identified and managed leading to more resilient organisations and a stable financial system.

The team

The role is a member of the APRA Leadership Team and the Non-Financial Risk Leadership Team within the Cross-Industry Risk Division (CRD).
The Non-Financial Risk team is responsible for providing identification, insight and supervision strategies for managing non-financial risks including operational resilience at regulated entities and across the financial services system. This includes key risk streams such as Operational Risk and Resilience, Technology and Cyber Security Risks and Resilience, Climate Risk, Governance, Risk Culture and Conduct, and Accountability and Remuneration practices.

Non-Financial Risk works in partnership with key areas across APRA to drive strategic outcomes and support strong prudential oversight across Banking, Superannuation and Insurance.

Key responsibilities

• Deliver Cyber strategy - accountable for cyber resilience uplift activities including;
  
  • APRA’s Refreshed 2025-29 Cyber Program including development and design of key strategic actions and activities, delivery of key outcomes and ensuring governance and oversight requirements are met
  • Guidance and support of future policy development in cyber and technology resilience including appropriate settings for information security controls and data risk management
  • Considering the impact of emerging technology capabilities such as AI and changes in the broader environment as potential points of influence on APRA’s strategic priorities for Cyber risk
• Advice - bring a dynamic and informed approach to the provision of strategic cyber strategic insights and advice to APRA executive leaders on key issues relating to cyber, technology and data risk management
• People – lead a team of professionals to deliver strategic uplift and core supervision outcomes in a pooled resourcing environment. Foster an inclusive environment that creates a sense of belonging and trust and allows people to actively contribute and reach their full potential
• Internal collaboration - working with multiple key internal stakeholders and teams to partner on strategic uplift initiatives and core and ensure needs and requirements are understood and met
• Stakeholder engagement – develop external networks to support initiatives including government agencies, industry associations and key positions at regulated entities
• Develop others – proactively identify and raise continuous improvement opportunities for whole of team efficiency and effectiveness
• Contribute to leadership team - actively contribute to the leadership of Non-Financial Risk team including management of risks, allocation of resources, development of people, prioritisation of activities, management of key relationships and overall team strategy.

About you

• Strong leadership and management capabilities, including the ability to organise/motivate others and drive to deadlines
• Professional qualifications in relevant field or equivalent experience - demonstrated experience in assessing the management of operational resilience, in one or more areas such as organisation & governance, risk management, strategic planning, information security (including cyber), IT operations and service management, project management & application development, data management, business continuity management and disaster recovery, service provision and assurance
• Leading in the face of uncertainty and facilitates understanding of complex circumstances to gain support and agreement
• Experience in the financial services sector in a leadership capacity, with sound understanding of the principles of prudential regulation and financial sector risks
• Excellent organisational, prioritisation, analytical and communication skills
• Relationship building, negotiation and influencing capability at senior level
• Ability to identify strategic issues and develop and implement appropriate solutions
• Strong personal integrity and an intuitive understanding of what is reasonable and prudent business practice
• Ability to establish and maintain sound working relationships with peers, team members and external stakeholders in a professional team environment.

To work with us, you need to be an Australian citizen with eligibility to gain an Australian Government security clearance.

About APRA

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia’s financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system.

At APRA we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process.