Roy Chan

Senior Security Manager

Greater Melbourne Area

About

  • Information Security leader with 15+ years of experience spanning financial services, retail, logistics, and healthcare industries.
  • Comprehensive expertise across security domains including operations, engineering, architecture, and governance, risk & compliance (GRC).
  • Deep technical security knowledge complemented by strong communication skills and the ability to engage effectively with executives, stakeholders, and cross‑functional teams.
  • Proven leadership in building and developing high‑performing teams, fostering collaboration, and driving strategic security initiatives.

Experience

  • Security Consultant at Fortian
    Oct 2025 - Nov 2025 · 2 mos

  • Caregiving at Career Break
    Dec 2024 - Sep 2025 · 10 mos

  • Head of Security (acting) / Senior Security Manager at flybuys (Loyalty Pacific)
    May 2020 - Nov 2024 · 4 yrs 7 mos

    Key Achievements
      • Stepped up as Acting Head of Security, successfully re‑baselining the enterprise Security Program, driving audit remediation to completion, and sustaining team momentum and morale during a critical transition period.
      • Established and scaled Security Operations, Security Engineering, and Application Security functions from inception, building high‑performing teams that now underpin the organisation’s security capability.
      • Designed, implemented, and continuously evolved the Security Program, proactively incorporating new initiatives to address emerging threats and ensuring resilience in a rapidly changing landscape.

    Key Responsibilities
      • Act as 2IC to the Head of Security, providing strategic support and leadership across all security functions.
      • Lead, manage, and develop the Security Operations, Security Engineering, and Application Security teams to ensure operational excellence and continuous improvement.
      • Collaborate with the Head of Security to design, implement, and evolve the enterprise‑wide Security Program.
      • Prepare and deliver clear, insightful reporting to the Board and Steering Committees, translating technical risk into business‑focused outcomes.
      • Prioritise, oversee, and drive enhancements to core security capabilities, including Identity and Access Management (IAM), Endpoint Detection and Response (EDR), Application Security, Web Proxy/CASB, Vulnerability Management, and SIEM/SOC.
      • Direct the management of security and fraud incidents, ensuring timely response, effective remediation, and lessons‑learned integration.
      • Oversee budget planning and vendor management, optimising resources and ensuring value from external partnerships.

  • Technical Security Lead at Australia Post
    Apr 2019 - Apr 2020 · 1 yr 1 mo

    Key Achievements
      • Directed the tactical remediation phase of the Security Uplift project, successfully identifying and resolving vulnerabilities across legacy environments to strengthen overall resilience.
      • Led the enterprise‑wide deployment of critical security controls across existing platforms, including endpoint protection, vulnerability management, privileged access management, and security monitoring, ensuring consistent and effective coverage.
      • Designed and formalised reusable security patterns for network and privileged access management, establishing scalable standards that improved consistency and reduced risk.

    Key Responsibilities
      • Develop security patterns that define reusable, secure methods to meet evolving business and regulatory requirements.
      • Provide leadership, prioritisation, and technical direction to teams responsible for onboarding existing applications onto enterprise security controls, ensuring smooth integration and minimal disruption.
      • Prepare and deliver comprehensive reports and presentations to steering committees, clearly articulating current status, key decisions, available options, and recommended actions to support informed governance.

  • Senior Security Consultant at Medibank
    Jul 2018 - Mar 2019 · 9 mos

    Key Achievements
      • Directed and successfully completed Medibank’s PCI‑DSS assessment, overseeing remediation activities across both on‑premises and cloud environments to ensure compliance and strengthen resilience.
      • Led comprehensive security reviews for a high‑profile program of work, addressing technical, fraud, and partner risk dimensions to safeguard critical business outcomes.

    Key Responsibilities
      • Lead and deliver security consulting engagements, presenting findings to business stakeholders and providing mentorship to junior team members to build capability.
      • Conduct in‑depth security assessments of vendors and their solutions, ensuring alignment with organisational standards and regulatory requirements.
      • Develop and map security frameworks, leveraging the NIST Cybersecurity Framework and preparing the organisation for CPS 234 compliance.