Head of Third Party Risk Management – Cyber Security Resilience Job no: 531836 Work type: Permanent Full Time Location: Sydney, Brisbane Categories: Technology The Star Entertainment Group (TSEG) is a publicly listed company on the ASX. Our purpose is to create fun at trusted destinations and our aim is to deliver sustainable outcomes for our guests, our Team Members, the communities in which we exist and our shareholders. We do this by providing entertainment, gaming, and leisure experiences in a safe, responsible, and ethical way. As our Head of Third Party Risk Management reporting to the Chief Information Security Officer, you will be responsible for building and leading a comprehensive program that safeguards the organisation from security vulnerabilities associated with third-party vendors. This is a fantastic opportunity where you will be developing and implementing a vendor lifecycle management process with robust security practices, overseeing assessments of third-party security posture, and establishing clear contractual obligations for data security and incident disclosure. A few of your responsibilities: Lead the development and implementation of a comprehensive TPRM encompassing vendor lifecycle management, security risk assessments, contractual obligations, and ongoing program improvement. Collaborate with key stakeholders across the organisation to understand security requirements for different third-party relationships and define clear guidelines governing those engagements (data security, incident response, regulatory compliance). Stay up to date on evolving cyber threats, industry best practices, and regulatory requirements for TPRM. Develop and implement a vendor lifecycle management program that integrates cybersecurity best practices throughout the engagement process (onboarding, ongoing monitoring, offboarding). Oversee the development and implementation of a standardised approach for evaluating third-party security posture, including reviewing security questionnaires, independent certifications (SOC II, ISO 27001, PCI DSS), penetration tests & vulnerability assessments. What we are looking for: Minimum 5-7 years of experience in third-party risk management or a related role. Proven track record of developing and implementing successful third-party security risk management programs. Strong understanding of cybersecurity best practices and frameworks (e.g., NIST CSF, ISO 27001). Excellent analytical and problem-solving skills. Experience in contract management and vendor relationship management is a plus. About you: You have a strong background in managing third-party relationships and building solid connections with multiple organisations and stakeholders. Additionally, you possess deep expertise in managing cyber threats, ensuring robust security measures are in place to protect organisational assets. What we can offer you: Complimentary meal on site every day including hot meals, sandwich bar and more. Flexible working arrangements. Up to 30% discounts across award winning restaurants and accommodation. An organisation that values diversity, teamwork and being your best self. Diversity & Inclusion areas of focus including Multicultural, Gender, Aboriginal & Torres Strait islander and LGBTQI+. Extraordinary growth opportunities personally and professionally. Opportunity to work with elite professionals and assets. Please be aware that eligibility checks are required as part of the recruitment process and ongoing employment for this position. Our culture: Each team member is expected to champion The Star's Purpose, Values, and Principles (PVP), which serve as the cornerstone of The Star's culture. We welcome applications from all cultures, ages, religions, genders, LGBTQI+ people, Australia's First Nations Peoples, and people with disabilities. The Star was awarded WGEA Employer of Citation for Gender Equality (2022-24) and has been recognised as a 2024 GOLD Employer by the Australian Workplace Equality Index (AWEI), which evaluates LGBTQI+ inclusiveness in the workplace. Advertised: 12 Nov 2024 AUS Eastern Daylight TimeApplications close: 26 Nov 2024 AUS Eastern Daylight Time #J-18808-Ljbffr