Docker helps developers bring their ideas to life by conquering the complexity of app development.
Staff Supply Chain Security Engineer, Docker Hardened Images
Location
Canada
Posted
1 day ago
Salary
$166.5K - $269.5K / year
Seniority
Lead
Job Description
Docker, Inc
- Setting catalogue-wide technical direction
- Owning the hardest packaging problems
- Authoring and maintaining image definition files
- Adapting upstream Helm charts to work with DHI images
- Driving security hardening strategy
- Designing and writing Go-based integration test infrastructure
- Raising the bar through review and mentorship
- Partnering across teams with product, security, and customer-facing functions
- Engaging upstream
- Take part in the paid on-call rotation for the team
Job Requirements
- 8+ years of backend engineering experience with production-grade systems
- Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience
- Deep expertise in the container and Kubernetes ecosystem
- Mastery of YAML as a working medium
- Strong container security background
- Go ability sufficient to design test infrastructure
- A maintainer mindset, applied at scale
- Strong technical judgment in ambiguous situations
- Track record of technical influence without authority
- Deep familiarity with GitHub-heavy open source workflows
Benefits
- Freedom & flexibility; fit your work around your life
- Designated quarterly Whaleness Days plus end of year Whaleness break
- Home office setup; we want you comfortable while you work
- 16 weeks of paid Parental leave (after 6 months of employment)
- Technology stipend equivalent to $100 USD net/month
- PTO plan that encourages you to take time to do the things you enjoy
- Training stipend for conferences, courses and classes
- Equity; we are a growing start-up and want all employees to have a share in the success of the company
- Docker Swag
- Medical benefits, retirement and holidays vary by country
- Remote-first culture, with offices in Seattle and Paris
More Security Engineer Jobs
Title: Cybersecurity Safeguards Governance Specialist
Location: Sydney Australia
Job Description:
About this role
As a key Line 2 cybersecurity governance expert, you'll shape and maintain the standards and frameworks that define "what good looks like" across our technology environment, with specialist focus on data and AI security, identity and cloud security. You'll guide capability maturity, influence cybersecurity strategy, monitor emerging tech risks, and ensure our governance frameworks are practical, current and adopted across the group. You'll work closely with peers across the risk and governance landscape, providing authoritative guidance to Line 1 teams and escalating key issues where needed. Sitting within nib's second line of defence, you'll define the rules - acting as a trusted adviser to ensure our security requirements align with industry best practice and regulatory expectations.
Key areas of contribution include:
- Maintain clear, practical and up to date cybersecurity standards, frameworks & guidance, including linkages into the ISMS.
- Provide expert governance advice on data and AI security risks across platforms and programs.
- Monitor and communicate emerging technology risks to guide capability maturity uplift and strategic planning.
- Help define meaningful cybersecurity and tech risk metrics that show control alignment and standards adherence.
- Document and escalate framework gaps, standards positions and risk findings through governance channels.
- Work with Line 1 teams and security partners to build strong safeguards, uplift maturity and embed positive risk culture.
About you
You bring a genuine love of technology and a curiosity that drives you to dig beneath the surface - understanding not just what the risks are, but how and why things work the way they do. That intellectual curiosity underpins your strong understanding of current and emerging technologies and the cybersecurity risks that come with them, along with hands on experience assessing risk and recommending fit-for-purpose security technologies and services. Your background includes working closely with stakeholders to develop, define and mature security frameworks and standards, helping to drive a culture of security and IT risk awareness across large and distributed organisations. You also understand that the best way to protect a system is to first understand how it can be broken - and that attacker's mindset informs the rigour you bring to every standard, framework and safeguard you develop.
You have deep knowledge of cloud, identity, data and AI security governance and associated best practice standards, complemented by a solid grasp of core security concepts such as vulnerability scanning, intrusion detection, incident response, access control, MFA, device mobility, data protection, and network and application security. Your pragmatic, risk-based approach - informed by a habit of thinking critically about how controls actually function in practice - ensures security safeguards are both effective and adaptable in fast-changing technology environments. You also bring working knowledge of PCI DSS requirements, along with a strong understanding of leading information security standards and frameworks such as ISO 27001, ISO42001, ETSI EN 304 223, NIST CSF, the ASD Essential 8 and the SANS Critical Security Controls - enabling you to align governance guidance with recognised best practice.
Furthermore, we're seeking:
- Have / are working towards information security industry certification(s).
Beneficial qualifications and professional certifications may include:
- ISC2 certifications
- CRISC
- SANS / GIAC / OCSP certifications
- Experience working with stakeholders to maintain or implement new risk processes in a collaborative enterprise setting
- A working understanding and familiarity with current cyber security controls and concepts
- A working understanding of data and AI risk and relevant, commensurate safeguards to manage AI risks
- A working understanding of contemporary cloud technologies, including the shared responsibility model (desired)
We know some people only apply when they meet every requirement. We're always on the lookout for curious, tech-passionate individuals who will add to the culture - so if this role resonates with you and you have relevant experience, we'd love to hear from you!
Who we are
nib is a leader in private health insurance, disability support and health services, reshaping the industry through bold innovation, strategic disruption and trusted partnerships. We deliver great value health insurance and support services to protect, connect and empower you to access healthcare when and where you need. We have a mission and vision of people enjoying better health. Through our success, we aspire to more prosperous and sustainable communities, helping members and travellers make more informed healthcare decisions and generally live healthier lives.
Diversity, equity and inclusion
We embrace a flexible working environment and welcome candidates who reflect the diversity of the communities in which we operate. We're committed to an environment where everyone has the autonomy and freedom to be their authentic selves, every day. We encourage Aboriginal and Torres Strait Islander peoples, people living with disability, veterans, LGBTQIA+ as well as culturally diverse community members to apply for open roles. nib Group is committed to creating an accessible recruitment process and employment experience. If you identify as a person living with disability and require adjustments to our online application, recruitment, selection and/or assessment process, or would like this advertisement in an alternative format, please contact us at nibemployment@nib.com.au.
Working at nib
Our hybrid working model offers flexibility to work from home or our purpose-built office Hubs, designed for focus, connection, and collaboration. We're committed to coming together with purpose.
Other benefits to support you at work (and play) include:
- New starter benefit to help set up a functional home workspace
- 50% discount on employee health insurance + 35% off travel insurance
- The opportunity to give back to the community through paid leave for volunteering through nib foundation
- Access to our nib Well Program and corporate fitness discounts
- Access to employee share plans, short-term incentive program and life and salary continuance insurance benefits
- 18 weeks paid parental leave for all new parents regardless of carer status, 5 days paid cultural leave for First Nations peoples and 4 weeks paid gender affirmation leave for trans, gender diverse and intersex employees
The fine print
All your information will be kept confidential according to EEO guidelines. Successful applicants will be required to complete a background check (including criminal history and bankruptcy check) prior to commencement of employment.
We acknowledge Aboriginal and Torres Strait Islander peoples as the Traditional Custodians of the lands where we live, learn and work.
Incident Response Specialist
QBE Insurance
QBE Insurance is one of the top 20 providers of general insurance and reinsurance in the world. The publicly traded, global company serves customers around the world from its headq
Title: Incident Response Specialist
Location: Parramatta Australia
Job Description:
Primary Details
Time Type: Full time
Worker Type: Employee
- Location: Parramatta/Sydney
- Type: Permanent, full-time position
- Hybrid role, Happy to talk flexible working
- Click here to discover what it's like to be a part of QBE Group
The opportunity
Reporting to CDC Manager, Incident Response Specialist will be a key member of our rapidly growing Cyber Defence Centre. This is an exciting hands-on technical role in which the specialist will use their security skills and knowledge to perform advanced analysis on the collection of cyber threats using high-level proactive and reactive threat hunting methods, classifying, analysing, prioritising and remediating security alerts/events. The focus is to provide an effective, proactive and highly technical analytical response to cyber security-related incidents to prevent QBE from becoming compromised by modern attack methods and techniques.
About QBE
- At QBE, we get to the heart of what matters for our customers. And we do it all with a human touch.
- We're an international insurer with more than 13,000 people working across 26 countries - which means we're big enough for your ambitions, yet small enough for you to make a real impact. It's an exciting time. We're building momentum towards our vision to become the most consistent and innovative risk partner.
- What if you could have a positive impact - at work and in the world? As part of the QBE team, you'll get to spend every day working with people who are passionate, talented and kind.
Your new role
In this role, you will take the lead during complex cybersecurity incidents, providing clear direction, maintaining control of the response, and ensuring all actions are aligned to the Global Incident Management Plan. You'll also play a critical role in validating investigations, driving threat-led activities, and strengthening the CDC's overall operational effectiveness.
Key responsibilities include:
- Lead and coordinate responses to high and critical severity cybersecurity incidents, ensuring structured execution across technical and business stakeholders
- Act as the primary escalation point during complex investigations, maintaining oversight of decisions, risks, and containment actions
- Provide validation and assurance of Tier 2 investigations, including scope of compromise, lateral movement analysis, and containment effectiveness
- Drive threat-led response activities, including targeted threat hunting based on credible intelligence and observed adversary behaviours
- Translate threat intelligence into operational outcomes such as detection improvements, escalation guidance, and incident criteria enhancements
- Lead or contribute to post-incident reviews, ensuring lessons learned are embedded into playbooks, detection logic, and operational processes
About You
You are a technically strong cybersecurity professional with a passion for incident response and threat analysis. You bring a proactive, analytical mindset and are confident operating in high-pressure environments, with the ability to communicate clearly across both technical and non-technical stakeholders.
Key Requirements:
- Proven experience in Security Operations, Incident Response, or a related cybersecurity function
- Strong experience investigating and responding to cybersecurity incidents in enterprise environments
- Ability to lead or coordinate technical response activities during complex incidents
- Solid understanding of modern attacker tactics, techniques, and threat landscapes
- Experience with threat hunting, threat intelligence, and detection improvement practices
- Tertiary qualification in Cybersecurity, IT, or equivalent industry experience
Benefits
We offer a range of benefits to help provide holistic support for your work life, whatever your circumstances. As a QBE employee you will have access to and benefit from:
- 'Hybrid Working' - a mix of working from home and in the office to enhance your work/life balance
- Free holistic wellbeing coaching, nutritional, confidential counselling, financial and legal advice
- 18 weeks' gender-equal flexible leave for all new parents, including paid super
To learn more about the benefits of working with us, click here.
Awards & Recognition
We value our employees' experience with us and are proud to have been recognised for the following awards:
- 2025 Winner of Excellence in Diversity, Equity & Inclusion Award at the Insurance Business Australia Awards for our Respect@QBE program
- 2023 Most Inclusive Workplace at the Australian HR Institute (AHRI) Awards
- Ranked in the top ten in the AAGE Top Graduate Employers 2025 for medium sized program as voted by graduates
To learn more about our achievements, click here.
How to Apply
If you're looking for a career that combines your expertise and your empathy, click Apply today. Successful applicants will need to complete work rights, police and credit checks through our online provider as a condition of employment.
Your career. At the heart of it.
QBE recognises the value of diverse perspectives and experience. We are committed to an inclusive workplace where everyone feels valued and respected for who they are. If we can provide support with access requirements, alternative work arrangements or you would like to connect with one of our networks please contact us at recruitment@qbe.com.
Skills: Adaptability, Business Continuity, Communication, Critical Thinking, Customer Service, Cybersecurity Risk Management, Digital Forensics, Intentional collaboration, Malware Analysis, Managing performance, Process Improvements, Reporting and Analysis, Risk Management, Security Incident Response, Stakeholder Management
Application Close Date: 08/06/2026 11:59 PM
How to Apply: To submit your application, click "Apply" and follow the step by step process.
Equal Employment Opportunity: QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.
Cybersecurity Information System Security Manager
SAIC
SAIC is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
Role Description
SAIC is seeking a hands-on Cybersecurity Information System Security Manager (ISSM) to support a part-time program within the Department of War (DoW). This position focuses on leveraging Risk Management Framework (RMF), Continuous Monitoring (ConMon), and cybersecurity best practices to ensure the security posture of the system and operations. The successful candidate will collaborate with cross-functional teams, execute vulnerability management, and provide guidance on security compliance using tools and methodologies aligned with contract requirements. This is a remote / work from home position, approximately 10 hours per week.
Duties and Responsibilities
- Compliance Management: Ensure systems and processes comply with DoW Information Assurance (IA) regulations, RMF, NIST 800-53, and other applicable policies.
- Maintain and manage the Authorization to Operate (ATO) lifecycle, including ConMon of networks and systems.
- Conduct vulnerability assessments (e.g., with ACAS, STIGs) and execute remediation plans.
- Review security alerts to detect and assess potential anomalies.
- Conduct ConMon tasks, including Configuration Control Board (CCB) impact reviews, patching recommendations, and ATO delta documentation.
- Support vulnerability scanning efforts by reviewing scan reports, tracking mitigations, and documenting residual risks.
- Assist in maintaining RMF documentation—such as System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and archiving security artifacts in Enterprise Mission Assurance Support Service (eMASS).
- Review and assess access logs and user activity reports to identify and report potential inconsistencies or anomalies.
- Use Jira for tracking cybersecurity and engineering activities facilitating ConMon of security measures.
- Manage cybersecurity incidents, including detection, response, documentation, and post-incident analysis.
- Report security breaches and other incidents to senior cyber authorities per DoW instructions.
- Support the creation and dissemination of program-wide security awareness initiatives.
- Serve as a bridge between Information System Security Officer (ISSO) and engineers.
Company Description
SAIC® is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
- Identify and close gaps across application security, secure design review, and vulnerability management.
- Conduct threat modeling, secure design reviews, and code reviews to identify practical remediation paths.
- Partner closely with engineering teams to provide product-focused security expertise and shape a modern security program.
- Mature how we think about security in a developer-first environment, balancing pragmatism with strong technical judgment.
- Distinguish between theoretical risk and material business risk to prioritize security efforts effectively.
- Improve security posture through scalable mechanisms like tooling, automation, secure defaults, and developer-friendly guardrails.
- Support security incident response by helping triage, investigate, and coordinate remediation for product and platform security issues.
- Participate in security on-call rotations, helping respond to urgent security events with clear judgment and calm execution.
- Help manage and mature our bug bounty and vulnerability disclosure processes, including triage, validation, prioritization, and coordination with engineering teams.


