About us:
HUB24 leads the wealth industry as the best provider of integrated platform, technology and data solutions.
At HUB24, we know the smartest investments start with our people. We are innovative and ambitious, and we move fast. At HUB24, we empower our employees to bring their ideas and creativity to work. Rather than getting bogged down in bureaucracy and red tape, we build a culture that supports our team members to have a real impact on our business and the success of our customers.
HUB24 Limited is a company listed on the Australian Securities Exchange (ASX: HUB)
About the role:
The Information Security Officer is responsible for ensuring the Information Security Management System operates effectively to support the growth of the business whilst managing risk within agreed tolerances.
Responsibilities:
• Maintain ISMS across HUB24 Group by developing and managing Policies, Standards, Guidelines and Processes as related to the Information Security Framework.
• Lead liaisons with key internal and external stakeholders to ensure compliance with PCI DSS, ISO27001, ASAE3402, ATO OSF, CPS 234,
Privacy Act and internal frameworks.
• Lead implementation of information security strategies, risk management framework and maintain risk registers across the Group.
• Lead information security education and awareness training initiatives for all employees, contractors and suppliers as applicable.
• Conduct compliance readiness assessments and assurance activities against policies and standards requirements.
• Lead and ensure timely responses to external audits, client reviews and attestations.
• Ensure information security improvement actions, and audit findings are evaluated, validated and implemented as required.
• Conduct third party security assessments against internal and industry standards.
• Continuously lead Controls Improvement.
• Assist with preparing reports to measure and track the effectiveness of ISMS.
• Assist with incident response planning - Business continuity planning, Security Incidents, Disaster Recovery.
• Assist with coordinating and investigating security incidents.
• Work collaboratively, share responsibilities, provide support to other team members as required.
• Provide timely and accurate reporting, including updates to the line manager. In addition, support and assistance to the line manager as required.
Skill requirements:
• 1-4 year’s working experience in Information Security
• Familiarity of security and risk-related standards or frameworks such as ASD8, NIST, ISO, GDPR
• Bachelor's Degree or relevant work experience and/or ISO 27001 Lead Implementer/Auditor, CISM, CISA, CRISC a plus
• Understanding of the Financial Services Sector is desirable.
• Capable of driving execution and influence stakeholders in teams and locations disbursed interstate.
• Ability to work and adjust to changing focus and priorities. Must be able to successfully execute with multiple, competing priorities.
• Previous experience in implementing or maintaining an ISMS as governed by the ISO 27001 standard.
• Previous experience in implementing awareness programs and participating in security audits
HUB24 leads the wealth industry as the best provider of integrated platform, technology and data solutions.
At HUB24, we know the smartest investments start with our people. We are innovative and ambitious, and we move fast. At HUB24, we empower our employees to bring their ideas and creativity to work. Rather than getting bogged down in bureaucracy and red tape, we build a culture that supports our team members to have a real impact on our business and the success of our customers.
HUB24 Limited is a company listed on the Australian Securities Exchange (ASX: HUB)
About the role:
The Information Security Officer is responsible for ensuring the Information Security Management System operates effectively to support the growth of the business whilst managing risk within agreed tolerances.
Responsibilities:
• Maintain ISMS across HUB24 Group by developing and managing Policies, Standards, Guidelines and Processes as related to the Information Security Framework.
• Lead liaisons with key internal and external stakeholders to ensure compliance with PCI DSS, ISO27001, ASAE3402, ATO OSF, CPS 234,
Privacy Act and internal frameworks.
• Lead implementation of information security strategies, risk management framework and maintain risk registers across the Group.
• Lead information security education and awareness training initiatives for all employees, contractors and suppliers as applicable.
• Conduct compliance readiness assessments and assurance activities against policies and standards requirements.
• Lead and ensure timely responses to external audits, client reviews and attestations.
• Ensure information security improvement actions, and audit findings are evaluated, validated and implemented as required.
• Conduct third party security assessments against internal and industry standards.
• Continuously lead Controls Improvement.
• Assist with preparing reports to measure and track the effectiveness of ISMS.
• Assist with incident response planning - Business continuity planning, Security Incidents, Disaster Recovery.
• Assist with coordinating and investigating security incidents.
• Work collaboratively, share responsibilities, provide support to other team members as required.
• Provide timely and accurate reporting, including updates to the line manager. In addition, support and assistance to the line manager as required.
Skill requirements:
• 1-4 year’s working experience in Information Security
• Familiarity of security and risk-related standards or frameworks such as ASD8, NIST, ISO, GDPR
• Bachelor's Degree or relevant work experience and/or ISO 27001 Lead Implementer/Auditor, CISM, CISA, CRISC a plus
• Understanding of the Financial Services Sector is desirable.
• Capable of driving execution and influence stakeholders in teams and locations disbursed interstate.
• Ability to work and adjust to changing focus and priorities. Must be able to successfully execute with multiple, competing priorities.
• Previous experience in implementing or maintaining an ISMS as governed by the ISO 27001 standard.
• Previous experience in implementing awareness programs and participating in security audits
