Who We Are

In Melbourne, water is essential to our way of life.

As caretakers for Melbourne’s water cycle, we care for water, life and land throughout Melbourne: both its people and its biodiversity.

Each time you drink from the tap, flush a toilet or kayak down the Yarra, we’re there. Primed and ready, quietly delivering some of the world’s cleanest water for over five million residents and wildlife that call Melbourne home, just as we have for over 130 years.

If you value making it count, diving in with curiosity, and doing what’s right, you're in the right place.

About The Role

Reporting to the Senior Manager Technology Risk & Compliance, this full-time, permanent role sits within the Information Security team. As Specialist Cyber Security Control Assurance, you will provide leadership, governance and oversight of technology and cybersecurity risk across Melbourne Water’s digital environment and third parties, including IT and OT.

This role ensures third-party technology and cybersecurity risks and controls are clearly understood, appropriately treated, and compliant with regulatory requirements. You will lead the development and execution of Melbourne Water’s enterprise-wide Third Party Technology Risk and Compliance strategy, roadmap and assurance framework.

Responsibilities:

• Lead and oversee third‑party cyber security services, including contractor and provider safety and wellbeing.
• Own and maintain the Third Party Cyber Security Strategy and risk‑prioritised roadmap across IT, OT, physical and personnel security.
• Drive execution of the Third Party Technology Risk and Compliance security roadmap with internal teams and external partners.
• Lead the Third Party Cybersecurity Assurance function, ensuring delivery of strategic outcomes, audits and remediation.
• Ensure compliance with the Victorian Protective Data Security Standards (VPDSS), including OVIC attestation and evolving regulatory requirements.
• Deliver operational third‑party cyber risk and compliance services in line with the service catalogue.
• Assess and uplift cyber control maturity using NIST CSF, ASD Essential Eight and other relevant frameworks.
• Provide cyber security risk advisory support across procurement and third‑party lifecycle management.
• Deliver executive‑level reporting and insights on third‑party cyber risk posture, trends and emerging threats.
• Monitor the external threat environment and maintain accurate third‑party risk profiles and IT risk frameworks.

About You

• Tertiary degree and evidence of post-graduate (or equivalent) follow-up in an IT security discipline.
• Extensive demonstrated experience and subject matter expertise in Security Risk and Compliance.
• Extensive demonstrated experience and subject matter expertise in Third Party Risk and Compliance.
• Significant experience in business partnering or consulting, utilising a services design orientation and a strong demonstrable customer focus.
• Demonstrated experience in the provision of expert advice and guidance to all levels; being agile and impactful.
• Demonstrated experience in adaptive leadership and collaboration and in challenging change environments.
• Security qualifications, accreditations and current certification in SABSA, CISSP, CISM, CISA, ISO27001 LA and/or CRISC.
• Obtain AusCheck Clearance. (please see important information below*)

For more information, please review the attached position description: Specialist Cyber Security Control Assurance .pdf

Why Join Us

At Melbourne Water, we care about water and all life that springs from it.

Our people are fuelled by passion, and with safety at the forefront, we have an unwavering sense of purpose, and are on a mission to protect every Melburnian’s way of life, one drop at a time.

We walk the talk when it comes to flexible working – but that’s not all. Our culture of purpose, safety, results, and learning permeates everything we do. We're dedicated to doing what's right, and this commitment extends to the meaningful work we do in a supportive and inclusive culture that encourages you to make the most of your talents.

Our long-standing commitment to Diversity, Inclusion, and Belonging means that Aboriginal and Torres Strait Islander peoples, LGBTIQ+ individuals, neurodivergent individuals, people living with disability, mature age and young jobseekers from all cultures can apply with confidence knowing they are safe, affirmed, and celebrated.

If you’re curious, action-orientated, outcomes-focused, and care deeply for public resources, community, and the environment, we'd love to receive an application and learn if you could be a great fit.

How To Apply

Click the 'Apply Now' button below and complete our online application form.

Closing date: Sunday 24th May at 11:55pm AEST

*Important Information

The Security of Critical Infrastructure (SoCI) Act 2018 requires Melbourne Water, as an operator of critical infrastructure, to prepare a Critical Infrastructure Risk Management Program (CIRMP), which has been undertaken and managed by the Security and Emergency Management Team.

Melbourne Water are required to assess roles across Melbourne Water to determine what roles are critical under the Act. All employees working in a role deemed SOCI critical will require additional background checks via AusCheck. This role is deemed critical and the preferred applicant will be asked to undertake an AusCheck.

The AusCheck process is outlined clearly in this presentation provided by AusCheck CI Critical Worker: Getting Started Guide | Rise 360 (articulate.com).