Information Security Officer

The Company

Join our industry-leading team in the fast-moving supply chain technology space, with clients across the globe!

Thomax is a rapidly growing developer of SaaS cloud-based supply chain software, with our technology powering millions of parcel movements each year across a wide range of sectors and businesses. Originally founded in Australia, Thomax now has subsidiaries in United Kingdom, United States, Canada, Singapore, and New Zealand. This is your opportunity to be a part of a global success story.

We are actively seeking an experienced Information Security Officer in our Sydney office located in Pymble. This role would work very closely with and provide support to our Product and Development Teams, as well as Technical and Executive Teams.

Why us?

As part of the Thomax team you will enjoy the following benefits:

• Up to 6 weeks of Annual Leave
• Rapid career development and ongoing learning opportunities
• Flexible and hybrid working arrangements
• Company bonus/incentive
• Employee referral bonus
• Volunteer paid time off to make an impact outside
• Access to wellbeing and safety support services including “Employee Assistance Program”
• Free on-site parking

On your first day, you should be able to

• Lead the Information Security practices of the business across Product and Corporate IT
• Steer the technological direction of the business for both Product and Corporate infrastructure, networks and software
• Participate in the development of cyber security related strategies that address information control requirements. Identifies and monitors environmental and market trends and pro-actively assesses impact on business strategies, benefits, and risks
• Development of cyber security policies, standards, processes, and guidelines for security operations that are fit for purpose, current and are appropriately implemented.
• Ensure security architectural principles are applied during design to reduce risk and drives adoption and adherence to policy, standards, and guidelines
• Manage security incidents, including investigation, containment, and resolution and implement preventive measures to mitigate future risks
• Collaborate with internal stakeholders, including product, solutioning, operations, development, risk and compliance, to ensure alignment of security initiatives with business goals and objectives
• Stay abreast of emerging threats, vulnerabilities, and industry trends to proactively address potential security risks
• Managing external partners (vendors and service providers)
• Establishing and maintaining compliance with relevant privacy and data protection legislation and standards such as GDPR
• Liaising with clients to ensure security questionnaires are appropriately documented.

Technical skills & abilities

• Proven ability to manage multiple projects across multiple domains, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Sound knowledge of information security technologies, such as firewalls, proxies, Web Application Gateways, SIEM, Intrusion Detection and Prevention, DLP, encryption and endpoint security.
• Sound knowledge of modern security architectural design principals and components such as Zero Trust, Authentication / Authorisation, Penetration Testing, User Behaviour Analytics, and Vulnerability detection and management
• Experience managing workloads in an ITIL based support environment
• Experience with cloud security principles and technologies, preferably Microsoft Azure & Microsoft 365
• Experience with bare metal product solutions collocated in data centres
• Proven experience in developing and implementing information security strategies, standards, policies, and procedures.
• Proficient knowledge and experience ensuring compliance against Cyber Security frameworks (e.g., Essential 8 (E8), ISO27001, and NIST Security Frameworks).

Additional requirements

• Strong knowledge of Information Security Management Systems (ISMS)
• Experience in risk management and maintaining risk within agreed tolerances
• Expertise in developing and implementing security policies, procedures, and controls
• Familiarity with industry regulations and compliance standards (e.g., ISO 27001, GDPR)
• Ability to identify and assess security risks and implement appropriate mitigation strategies
• Proficient in conducting security audits, assessments, and incident response
• Strong problem-solving skills with a proactive approach to security threats
• Excellent communication and stakeholder management skills
• Experience in supporting business growth while ensuring the security of information systems.

Successful applicant will need to provide a satisfactory national police check.