Chief Information Security Officer

About Greater Western Water

We’re water… and more.

GWW is a Victorian government owned water corporation that provides an essential service to some of the fastest-growing communities in Australia, stretching from Melbourne’s CBD to Lancefield in the north and Bacchus Marsh in the west. Click here to learn more

Benefits

• We embrace flexibility and connection with a balance of on-site and WFH
• Free onsite parking (subject to availability)
• Gender neutral, 16-week parental leave available from commencement
• Monthly work life balance day off to treat yourself (if full-time)
• Free income protection and salary continuance insurance
• Access to corporate health insurance deals with major providers
• Wellbeing, prayer, and sensory rooms in the Footscray and Sunbury office

The opportunity

The Chief Information Security Officer (CISO) is a key senior leadership role within Greater Western Water, sitting at the heart of the IT & Digital (IT&D) function reporting into the Chief Information Officer. Responsible for leading enterprise-wide cyber security across both information and operational technology environments, this role will shape and deliver a forward-thinking security strategy aligned to business objectives. With oversight of governance, security operations, and risk management, the CISO will provide critical assurance to stakeholders while driving continuous improvement in cyber maturity. This is a pivotal opportunity for an experienced leader to safeguard essential services, respond to an evolving threat landscape, and ensure the organisation meets its regulatory obligations with a balanced and strategic approach to risk.

Responsibilities

• Develop and deliver an enterprise-wide cyber security strategy and roadmap aligned to business objectives, addressing current and emerging threats across IT, OT (Operational Technology), and third-party environments.
• Embed a strong security-conscious culture through engaging, business-friendly initiatives and organisation-wide cyber security exercises.
• Oversee security risk management, ensuring effective identification, mitigation, and governance of risks and issues.
• Provide clear reporting and insights to the CIO, Board, and committees on cyber posture, performance, and emerging threats.
• Lead day-to-day security operations, including continuous threat monitoring and proactive response to minimise risk.
• Provide technical leadership during cyber incidents to ensure effective response and minimal business disruption.
• Establish and maintain security policies, standards, architecture, and incident response frameworks.
• Partner with the CIO to demonstrate the value and impact of cyber security initiatives and roadmap delivery.
• Build and lead a high-performing team, fostering accountability, continuous improvement, and capability development.
• Translate strategy into a clear operating plan, contributing to enterprise decision-making and aligning security outcomes with organisational priorities.
• Build strong senior stakeholder relationships and effectively manage and escalate emerging issues.
• Champion a culture of safety, wellbeing, diversity, and inclusion while supporting employee growth and development.

Skills & Experience 

• Experience across both IT and OT environments, including securing industrial control systems and critical infrastructure.
• Proven experience developing and delivering enterprise cyber security strategies and roadmaps.
• 7+ years’ leadership experience managing cyber security functions and teams.
• Strong executive communication skills, able to translate technical risks into business impact and value.
• Demonstrated ability to lead complex cyber programs and provide strategic thought leadership.
• Expert knowledge of security frameworks (e.g. NIST, ISO 27001, ISM) and hands-on implementation of standards such as NIST CSF, Essential Eight, PCI-DSS or COBIT.
• Financial acumen to manage and optimise cyber security budgets.
• Experience leading cyber incident and breach response.
• Relevant tertiary qualifications and industry certifications (e.g. ISACA, ISC2).
• Desirable: knowledge of critical infrastructure regulations (e.g. SOCI Act) and Operational Technology environments (e.g. Purdue model).

See yourself thrive

Our vision for GWW is Thriving People and Country. We aim to be as diverse as the communities we serve and are deeply committed to building a workplace where everybody thrives. We’re supportive, inclusive, and friendly, and value everyone for who they are and what they can bring.  

We’re seeking applicants across all cultural backgrounds, genders, and abilities, and will make reasonable adjustments as required, so please talk to us about what you need.

Don’t delay your application, include your resume, and cover letter (no more than 1 page), shortlisting will commence early!

Applications close Friday 3rd July 2026

The successful candidate will be required to complete pre-employment checks, including reference checks, medical assessments, a national police check, a SOCI check and verification of working rights in Australia.