Greater Melbourne Area
Hi, my name is Dave Williams.

Who I am: I’m an information and cyber security leader.

What I do: I reduce risk, improve compliance, and resolve complex security issues to safeguard business systems, finances and information. I have in-depth experience in stakeholder-centric security management, technology transformation, and business administration.

Specifically, I:
☛ Develop practical control frameworks linked to Enterprise Risk and organisational risk appetite
☛ Clearly link current controls state to an achievable and justifiable future state
☛ Articulate initiatives to achieve the target state and deliver on multi-year works programs
☛ Enable Executive, Board and other stakeholders to ‘buy-in’ to proposed initiatives and manage change
☛ Develop personnel and processes to efficiently support ongoing risk mitigation
☛ Ensure frameworks and processes are auditable and compliant to relevant legislation

I’ve worked with and achieved strong results with:
✔ Power and Utilities
✔ Financial Services
✔ Telecommunications
✔ Retailers
✔ Large manufacturers

I’m best known for:
✔ Stakeholder Engagement
✔ People Management and Team Building
✔ Security Governance and Risk Management
✔ Strategy Development
✔ Security Transformation
✔ Compliance and Audit Management
✔ Understanding technical IT and Information Security concepts and communicating them to a non-technical audience

ICEBREAKERS—things you won’t know about me!
✅ I have been a part of two AFL premierships (1994 U19 VAFA & 2001 NGFC)
✅ I’ve been in musical theatre casts (nominated for Best Actor in a Musical award GAT 2002)!
✅ My “pride-and-joy” is a 1938 Alvis motor car.
✅ My career, although aligned in many respects, first began in the forestry, horticulture and arboriculture industries.

CONTACT ME: Happy to connect with past colleagues and supervisors, and with job search consultants representing my “dream job”.
As Cyber Risk Lead within Enterprise Security Services at EnergyAustralia, I partner with business and technology leaders to strengthen cyber risk management practices across corporate IT and critical generation environments. Working within the GRC function, I lead assurance and risk oversight activities to ensure EnergyAustralia maintains a resilient, compliant and risk-aligned security posture in a highly regulated and operationally complex sector.

I currently:
Lead assurance assessments across corporate IT and generation sites, ensuring alignment with the Australian Energy Sector Cyber Security Framework (AESCSF) and broader regulatory obligations.
Coordinate independent audit activities to validate control effectiveness, uplift security maturity, and enhance operational resilience across enterprise and operational technology environments.
Develop, maintain and facilitate security policies and standards, embedding practical, risk-based controls into business operations, including governance and management of SOCI-protected information.
Partner with stakeholders across technology, operations, risk and compliance to ensure cyber obligations are clearly understood, effectively implemented, and sustainably maintained.
Provide risk insight and assurance reporting to support informed executive decision-making.

In this role, I focus on ensuring cyber risk is not treated as a compliance exercise, but as a core business risk that is actively understood, managed and embedded into operational practice.
After a challenging career change and a rewarding decade (almost!) leading cyber security initiatives and driving strategic change, I made a conscious decision to take a career break to focus on what matters most to me - family. I stepped back to become the primary caregiver to my children and support my partner’s career as they embraced exciting new opportunities. This time away allowed me to reflect on the kind of leader I want to be, and to strengthen key attributes like emotional intelligence and adaptability - skills I’ve applied professionally but have now developed in a new and meaningful context. Throughout this period, I remained actively engaged with the industry, self-funding my attendance at the AISA Melbourne CyberCon and tracking developments in cyber security, AI, and cloud innovation. Now, I return refreshed, motivated, and ready to contribute. I’m excited to rejoin dynamic teams, tackle complex challenges, and apply my expertise in security leadership and transformation to deliver outcomes that truly matter.
Commenced as Praemium’s first dedicated Information Security resource, quickly raising the profile of cybersecurity across all levels of the organisation—from frontline teams to executive leadership and the Board. Initial efforts centred on establishing foundational controls, uplifting security toolsets, and implementing baseline protections to reduce immediate risk while building organisational trust and engagement. Alongside these technical improvements, placed strong emphasis on fostering a culture of cybersecurity awareness. Rolled out targeted training programs to equip staff with the skills to identify and respond to threats, embedding security best practices into day-to-day operations. Created a shared sense of responsibility that positioned security as a collective priority, strengthening the overall security posture of the business.
Took ownership of Information Security in an immature organisation and built understanding across senior stakeholders while developing a robust uplift strategy and initiating key projects to establish foundational components. Transformed Information Security at GMHBA from a compliance-led function to a risk-based and objective-driven function that empowered the business.

Security Transformation
✅ Developed and initiated a 3-year Information Security uplift program and obtained Executive and Board approval for internal resources and program delivery budget in excess of $2m.
✅ Executed the Information Security uplift program by re-configuring and re-platforming the Information Security toolset to deliver effective technical Information Security controls and reduce risk to within our risk appetite.

Risk Mitigation and Information Security Optimisation
✅ Significantly influenced Enterprise Risk Management and the Project Delivery Lifecycle to assist in the effective delivery of Information Security initiatives.
✅ Re-designed the Information Security Management System (ISMS), including a revised suite of security standards, aligned to CPS234, ISO27001, NIST-CSF and NIST SP800-53.
✅ Developed Technology GRC processes and was part of the Technology and Data Leadership Team developing and leading the strategic direction for the Technology and Data group.
Acted as the “CISO” for the Corporate Portfolio (that is charged with digitally enabling the >60,000 strong extended workforce across Australia) by providing SME input into projects, minor works and BAU activities regarding information security requirements. Developed practical and achievable solutions to address information security risks in consultation with a wide range of business and technology stakeholders.

Secure Solution Development
✅ Overcame significant resistance to specific security controls seen as impeding solution uptake through persistent stakeholder education, well-articulated compensating controls and defined risk scenarios.
✅ Was the sole Information Security Office representative with responsibility for ensuring corporate portfolio information security controls were implemented to meet Board expectations for information security risk reduction, comply with organisational information security standards and enable the IT strategy for digital enablement.

Risk Mitigation and Information Security Optimisation
✅ Re-designed the Information Security Management System (ISMS), including a revised suite of security standards, in accordance with NIST-CSF and NIST SP800-53.
✅ Decreased the risk exposure of the organisation due to third parties by developing and implementing a prioritised information security assessment process to address a backlog of >9,000 suppliers.