Role: ICT Security, Risk & Compliance Lead

Location: Murarrie, Brisbane
Employment Type: Full-time, Permanent

Our Role:

At Goodstart, we're committed to keeping the information of our children, families and people safe. We're looking for an experienced ICT Security, Risk & Compliance Lead to join our growing cybersecurity team and play a key role in strengthening our security, risk and compliance capability across the organisation.

Reporting to the ICT Manager – Security & Risk, you'll lead the development and continuous improvement of Goodstart's information security policies, risk frameworks and compliance activities. Working closely with stakeholders across ICT and the wider business, you'll help ensure our systems, data and processes align with recognised security standards while supporting enterprise-wide cyber resilience initiatives.

This is an exciting opportunity to influence security outcomes across a large national organisation while working on meaningful projects that help protect the information of thousands of children, families and employees across Australia. You'll partner with technical experts, business leaders and external vendors to embed security best practice, improve cyber awareness and support Goodstart's ongoing security maturity.

We're looking for someone who combines strong security and compliance expertise with excellent stakeholder engagement skills, someone who enjoys translating complex security requirements into practical, business-focused outcomes.

Your Impact:

• Lead the development, implementation and continuous improvement of ICT security policies, standards and procedures aligned with ISO 27001 and industry best practice.
• Support the ongoing enhancement of Goodstart's ICT risk management framework, ensuring risks and controls are effectively identified, assessed and managed.
• Drive ICT audit and compliance activities by coordinating evidence gathering, reporting and remediation actions across the organisation.
• Develop and maintain ICT Business Continuity and Disaster Recovery documentation while supporting resilience planning and testing activities.
• Deliver security risk advice and recommendations to business stakeholders, project teams and technology initiatives.
• Coordinate cyber awareness initiatives, including security education programs and phishing simulation campaigns.
• Monitor ICT risk performance, maintain risk registers and report on key security metrics to support informed decision making.
• Partner with internal stakeholders and external vendors to strengthen Goodstart's security posture and ensure compliance with organisational and regulatory requirements.

What Goodstart can offer you:

• Enjoy flexible work arrangements that support both your professional and personal commitments.
• Salary packaging benefits available through AccessPay (eligibility applies).
• Access to discounted childcare (up to 15%).
• Fitness Passport – access to gyms and pools for you and your family at a heavily discounted price.
• Discounted health care and access to employee wellbeing program with BUPA.
• Exclusive discounts on travel, gym memberships, Apple and Dell products, and more.
• Free annual flu shot (optional).
• Option to purchase extra leave for even greater work-life balance.
• First Nations Support and Cultural Leave.
• Work for a company that aspires to be globally recognised for early years practice and learning outcomes.
• Gain significant investment in your growth and development with ongoing support, tools, training and experiences that will enhance outcomes for children in their earliest years.

You'll bring to the table:

• 5+ years' experience in information security, ICT risk management or compliance-focused cybersecurity roles.
• Demonstrated experience developing and implementing information security management frameworks aligned with ISO 27001.
• Strong knowledge of ICT risk management, governance, compliance and security best practices.
• Experience supporting internal and external audits, compliance reporting and evidence collection.
• Experience developing Business Continuity and Disaster Recovery documentation and supporting resilience activities.
• Proven ability to provide practical security risk advice to both technical and non-technical stakeholders.
• Excellent written and verbal communication skills with the ability to simplify complex security concepts.
• Strong stakeholder management skills and the ability to work collaboratively across multiple business functions.
• Relevant tertiary qualifications in Information Technology, Cybersecurity or a related discipline, or equivalent experience.
• Industry certifications such as CISSP, ISO 27001 Lead Implementer/Auditor or similar will be highly regarded.
• Current QLD Blue Card (or the ability to obtain one).

How to apply

Click 'Apply Now' and submit your application.

We review applications as they're received and encourage you to apply as soon as possible to give yourself the best opportunity to progress through the recruitment process.

Have a question? Contact our Talent Acquisition Team via email at recruitment@goodstart.org.au.

At Goodstart we are deeply committed to Reconciliation and encourage Aboriginal and/or Torres Strait Islander people to apply. For further information and support email deadlycareers@goodstart.org.au.

If you are a placement agency or external recruiter, please refrain from submitting resumes to Goodstart unless you have a signed staffing agency agreement with us. Goodstart will not be responsible for or pay any placement fees for candidates submitted by agencies that are not approved suppliers. Any resumes received from agencies or external recruiters without an agreement will be reviewed by Goodstart and may be shared with our internal recruiting team for their reference.

Supporting our people and protecting our children

We're an equal opportunity employer that is proud of our inclusive and diverse work environment. We know that Goodstarters from diverse cultures, backgrounds and experiences strengthen our teams and help us grow.

Safety is our priority and we will take any action necessary to ensure that all children can feel safe and be safe, and are safeguarded from abuse, neglect and harm. As a Child Safe Organisation, all candidates must have or obtain a valid Working with Children Check.