Head of Cyber Security and Risk
- Full-time
Company Description
As a financial ombudsman, we are a for-purpose organisation that provides a free service for individuals and small businesses. We listen to and work with our customers and their financial firms to find solutions to complaints which have gone unheard or unresolved. This is your opportunity to make a difference.
Job Description
In this newly created Head of Cyber Security and Risk role, you’ll provide enterprise‑wide leadership to protect AFCA, the essential services we deliver, and the trust placed in us by the community.
Reporting to the Chief Technology Officer, this senior leadership role is accountable for cyber security operations, cyber risk governance, and Technology, Data & AI risk management. You’ll be a proven leader in this space with significant experience, who can set the strategic direction, embed security‑by‑design across the organisation, and act as a trusted advisor to the Executive and Board.
What you’ll be responsible for:
- Owning enterprise cyber security outcomes, ensuring threat detection, incident response and recovery are aligned to AFCA’s risk appetite
- Providing executive oversight of cyber incidents and breaches, including escalation, Board reporting and regulatory notifications
- Setting direction and success measures for cyber security operations, with assurance over performance and continuous improvement
- Holding enterprise accountability for managed security services (e.g. SOC outcomes and service effectiveness)
- Owning AFCA’s cyber security strategy, policies and standards, aligned to regulatory and compliance requirements
- Acting as AFCA’s enterprise cyber risk owner, including risk identification, prioritisation, treatment oversight and residual risk reporting
- Providing authoritative cyber risk advice to the CTO, Executive Leadership Team and Board, including investment and risk acceptance recommendations
- Embedding security‑by‑design across architecture, engineering, platforms, digital services and third‑party integrations
- Providing assurance over major initiatives and suppliers, including sign‑off on cyber risk posture and control adequacy
- Holding enterprise accountability for third‑party and vendor cyber risk, partnering with Risk, Legal and Procurement
- Leading cyber capability, culture and maturity across the organisation, ensuring the right balance of internal expertise, managed services and specialist support
- Driving organisation‑wide cyber awareness and accountability, without owning day‑to‑day training delivery
Qualifications
What you'll bring:
- Significant proven leadership experience in cyber security across complex, regulated environments.
- Deep expertise in cyber operations, incident response and threat management.
- Strong grounding in cyber governance, risk management and regulatory compliance.
- Proven ability to communicate cyber risk clearly to executives and non‑technical stakeholders.
- Experience managing managed security providers and complex vendor ecosystems.
- Calm, credible leader able to operate effectively during high‑impact cyber incidents.
Additional Information
What's on offer
- BOSS Best Places to Work 2024 – credited for its culture, engagement and flexible working arrangements.
- Most Inclusive Workplace 2024 – Australian HR Institute (AHRI) Awards.
- Employer of Choice Public Sector and NFP – Australian HR Awards 2023.
- Bronze AWEI Accreditation 2024 – Recognised for LGBTQ+ workplace inclusion.
- Accredited Family Friendly Workplace – Supporting work-life balance and inclusivity.
- Hybrid working – Flexible arrangements with state-of-the-art offices designed for collaboration and wellbeing.
- Inclusive leave options – Flexible public holidays, 20 weeks paid parental leave, gender affirmation leave, women’s health leave, and paid time off over Christmas.
- Financial benefits – Not-for-profit salary packaging to boost take-home pay.
- Locations – A team of over 1,500 dedicated professionals based in modern Melbourne and Sydney CBD offices.
To apply
If you’re passionate about fairness and believe your skills align with this role, we encourage you to apply—even if you don’t meet every single criterion.
We welcome applications from people of all backgrounds, cultures, abilities, sexual orientations, and gender identities. If you require any accessibility support during the recruitment process, please reach out to our team at [email protected].
We believe fairness starts with people. That’s why we don’t use AI or automated tools to screen candidates. As a result, our processes may take a little longer, and we thank you for your patience.
AFCA is a 2025 Circle Back Initiative Employer - we are committed to responding to every applicant.