Role: ICT Security & Risk Manager (Internal Title: ICT Manager – Security & Risk)

Location: Murarrie, Brisbane

Employment Type: Full-time, Permanent

Drive the next chapter of Goodstart's cybersecurity maturity journey, leading strategic security initiatives that strengthen resilience, reduce risk and support better outcomes for children and families.

Our Role:

At Goodstart, we're committed to keeping the information of our children, families and people safe. We're seeking an experienced ICT Security & Risk Manager to lead our cybersecurity, risk and compliance function, ensuring our technology environment remains secure, resilient and aligned with industry best practice.

Reporting to the Chief Information Officer, you'll play a key role in shaping and delivering Goodstart's ICT Security Strategy while supporting a significant program of work focused on infrastructure resilience, cyber maturity and data protection. You'll work closely with major technology partners and vendors, drive security initiatives across the organisation, and help position Goodstart for future compliance requirements, including ISO 27001 certification and emerging regulatory reforms.

This is a unique opportunity to join a purpose-driven organisation at a pivotal point in its cybersecurity maturity journey. You'll have the opportunity to influence enterprise-wide security practices, lead a small team, and contribute to strategic initiatives that protect the information and wellbeing of thousands of children, families and employees across Australia.

We're looking for a leader who combines strong technical and risk expertise with a pragmatic, hands-on approach, someone who is equally comfortable developing strategy, engaging stakeholders and rolling up their sleeves to support operational outcomes when required.

Your Impact:

• Lead the delivery of Goodstart's ICT Security Strategy and Security Roadmap, strengthening cybersecurity capabilities across the organisation.
• Drive security and risk initiatives as part of Goodstart's Resilient Technology Fund (RTF) program, focused on infrastructure stability, cyber resilience and data protection.
• Oversee security operations, vulnerability management, threat monitoring, incident response and cyber resilience activities.
• Maintain ICT risk registers, treatment plans and reporting frameworks, ensuring alignment with ISO 27001, NIST, CIS Controls and Essential Eight standards.
• Partner with key technology vendors and service providers to ensure secure, reliable and value-for-money services.
• Support Goodstart's journey towards ISO 27001 certification while ensuring readiness for evolving regulatory and child safety requirements.
• Lead audit, compliance, assurance, business continuity and disaster recovery activities, ensuring security controls remain effective and fit for purpose.
• Manage and develop a high-performing Security & Risk team while fostering a strong culture of cyber awareness and accountability across the organisation.

What Goodstart can offer you:

• Enjoy flexible work arrangements that support both your professional and personal commitments.
• Salary packaging benefits available through AccessPay (eligibility applies).
• Access to discounted childcare (up to 15%).
• Fitness Passport – access to gyms and pools for you and your family at a heavily discounted price.
• Discounted health care and access to employee wellbeing program with BUPA.
• Exclusive discounts on travel, gym memberships, Apple and Dell products, and more.
• Free annual flu shot (optional).
• Option to purchase extra leave for even greater work life balance.
• First Nations Support and Cultural Leave.
• Work for a company that has an aspiration to be globally recognised for early years practice and learning outcomes.
• Gain significant investment in your growth and development with support, tools, training and experiences that will truly enhance the progress and outcomes for children in their earliest years.

You'll bring to the table:

• Relevant tertiary qualifications in Information Technology, Cybersecurity, Information Systems, Risk Management or a related discipline, or equivalent industry experience.
• 5 + years of leadership experience within cybersecurity, technology risk, security operations or ICT environments.
• Strong experience managing cybersecurity risk, security controls, vulnerability management, security operations and incident response activities.
• Hands-on experience with Microsoft security technologies including Microsoft 365, Entra ID, Azure, Defender and Intune.
• Experience working with Security Operations Centre (SOC) capabilities, SIEM platforms, vulnerability management and threat monitoring processes.
• Strong understanding of recognised security frameworks and standards, including ISO 27001, NIST, CIS Controls and the ASD Essential Eight.
• Proven experience working with external technology vendors, managed service providers and complex technology contracts.
• The ability to communicate complex technical concepts clearly and influence stakeholders at all levels of the organisation.
• A collaborative, values-driven leadership style with a willingness to roll up your sleeves and contribute wherever needed.
• A genuine alignment with Goodstart's purpose, values and commitment to supporting children and families.
• Industry certifications such as CISSP, CISM, CRISC, Security+ or similar will be highly regarded.
• Current QLD Blue Card (or willing to obtain one).

How to apply

Click ‘Apply Now' and submit your application.

We review applications as they are submitted. We encourage you to submit your application as soon as possible for your best chance to progress to the next stage of the process.

Have a question? Contact our Talent Acquisition Team via email recruitment@goodstart.org.au

At Goodstart we are deeply committed to Reconciliation and encourage Aboriginal and/or Torres Strait Islander people to apply. For further information and support email deadlycareers@goodstart.org.au

If you are a placement agency or external recruiter, please refrain from submitting resumes to Goodstart unless you have a signed staffing agency agreement with us. Goodstart will not be responsible for or pay any placement fees for candidates submitted by agencies that are not approved suppliers. Any resumes received from agencies or external recruiters without an agreement will be reviewed by Goodstart and may be shared with our internal recruiting team for their reference.

Supporting our people and protecting our children

We're an equal opportunity employer that is proud of our inclusive and diverse work environment. We know that Goodstarters from diverse cultures, backgrounds and experiences strengthen our teams and help us grow. We're also deeply committed to Reconciliation and creating an environment where Aboriginal and Torres Strait Islander People feel a strong sense of belonging and connection.

Safety is our priority and we will take any action necessary to ensure that all children can feel safe and be safe, and are safeguarded from abuse, neglect and harm. As a Child Safe Organisation, all of our candidates must have or obtain a valid working with children check.