FCTG Careers_home page banners_1920x3004 FCTG Careers_home page banners_1920x3009 FCTG Careers_home page banners_1920x30010 FCTG Careers_home page banners_1920x3008

Enterprise Risk - IT Risk and Security Specialist

Apply now Job no: 504556
Brand: Global Finance
Work type: Full time
Location: Queensland
Categories: Information & Technology

Job Purpose:

This role will work closely with the GM Enterprise Risk in defining and deploying Flight Centre Travel Group’s (FCTG) global approach to all aspects of risk management and ensuring its effective implementation. This role will also work alongside the Group Chief Information Security Officer on ensuring that risks are identified and managed to support the Information Security strategy.

This role offers you the opportunity to get to know many of the senior operational and technology leaders globally, as well as exposure to all parts of the business. This will also open up other opportunities for you within the group should you wish to pursue them in the future.

Main Responsibilities:

  • Assist in the development of an appropriate IT Risk Management framework for FCTG
  • Assist in the development of a risk management culture across FCTG through engagement with key stakeholders – particularly CIO’s
  • Discipline leaders, Audit Committee and Board, external auditors
  • Assist in the deployment of the Risk Management best practise across FCTG’s Global operations
  • Monitor implementation and compliance globally
  • Support local IT Risk Leaders in the development and oversight of Internal Audit functions
  • Serve as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk posture
  • Recommend required changes to IT risk & security policies and procedures
  • Monitor compliance with security policies, standards, guidelines and procedures
  • Ensure security compliance with legal and regulatory standards
  • Provide guidance on business continuity and disaster recovery design and implementation for enterprise-wide disaster recovery management programs
  • Assist in the development of the annual risk management plan to be approved by the audit committee
  • Assist in the development of a targeted review plan for all FCTG countries of operation
  • Plan and undertake IT risk and security reviews over nominated FCTG Countries of operation every 18 months
  • Plan and conduct targeted reviews of nominated businesses with the FCTG group
  • Identify and report on high risk items and common themes for presentation locally and to Audit Committee
  • Support local management in the development of remedial actions to address identified risks
  • Work directly with third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk
  • Assess potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications
  • Monitor risk mitigation and coordinate policy and controls to ensure that other managers are taking effective remediation steps
  • Perform due diligence assessments over acquisitions and suppliers as requested by business leaders and managers
  • As directed undertake specific reviews in relevant country/countries to quantify risk and status
  • Report on findings and make local and global recommendations
  • Responsibility for the preparation of a number of global risk reports and global risk matrix
  • Ensure submissions received from all FCTG countries, findings consolidated and appropriate conclusions drawn and timely communication of report to stakeholders

Skills and Experience:

  • Minimum 4 years’ experience in IT audit, information security or IT risk role
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or equivalent
  • Bachelor’s Degree in Information Security, Computer Science, Information Systems or other related field
  • Proven analytical and problem-solving abilities
  • A thorough understanding of risk management frameworks (e.g. ISO 31000)
  • Experience in IT risk and security assessments to standards, such as ISO27001
  • Ability to adapt and change approach to work with both technical and non-technical audiences
  • Good written, oral, and interpersonal communication skills
  • Ability to conduct research into IT security issues as required
  • Ability to present ideas in business-friendly and user-friendly language

 Our Benefits include:

  • Generous remuneration structure
  • Travel discounts, in-house financial and health services, access to internal 24/7 gym
  • Global career opportunities in a network of brands and businesses
  • Ongoing training and professional development
  • Fun and flexible work environment
  • Proud Corporate Social Responsibility platform through the Flight Centre Foundation, Responsible Travel Charter, and Brighter Futures programs
  • Monthly awards nights, conferences, industry/social events, and the opportunity to attend global awards internationally

We’re proud to have been recognised as an Employer of Choice in the Australian Business Awards 2018, in addition to Best Agency Group at the AFTA 2018 National Travel Industry Awards


Applications close: E. Australia Standard Time

Back to search results Apply now

Share this:

| More

Work type