Head of Cyber GRC

Posted 9 Hours Ago
Be an Early Applicant
Melbourne, Victoria, AUS
In-Office
Senior level
Software
The Role
Lead and modernize REA's cyber GRC by implementing a GRC platform, automating compliance evidence collection, redesigning third-party risk, defining metrics and reporting, leading distributed teams, and advising senior leaders on cyber risk and standards (ISO 27001, PCI-DSS, SOC 2, NIST CSF).
Summary Generated by Built In
  • Lead the next evolution of cyber GRC at REA through platform, automation and smarter risk reporting
  • Shape how a product-led technology organisation understands and reduces cyber risk
  • Lead a distributed team across Australia and India while partnering closely with senior leaders

We're REA

With bold and ambitious goals, REA Group is changing the way the world experiences property. No matter where you're at on your property journey, we're here to help with every step – whether that's finding or financing your next home. Our people are the key to our success. At the heart of everything we do is a thriving culture centred around high performance and care. We are purpose driven and collaborative, which drives innovation and our ability to make a real impact.

As such, we’re proud to have been named one of Australia’s Best Workplaces four times since 2021 — including third place in 2025 — plus Best Workplace for Women in 2023 and Best Workplace in Technology in 2024 and 2025. These listings are testament to every person who helps make REA a great place to work.

Where the team fits in

Our Cyber Governance, Risk and Compliance team exists to ensure REA has a shared understanding of cybersecurity risk, a practical approach to compliance, and a policy and control environment that is simple to understand and apply.

This team is already well established, but the way it works needs to evolve. That evolution is at the heart of this role. You'll be the person our leaders turn to when deciding what to work on next - driving a shared understanding of our cyber risks.

What the role is all about

This is a rare opportunity to reshape how cyber GRC is done inside a modern product and technology business. Over your first year, you will make the case for and implement a GRC platform, overhaul how we measure and report cyber risk, automate compliance evidence collection, and modernise or replace existing processes so the team’s time is invested where it most reduces risk.

You’ll be the clearest voice on cyber risk at REA, helping leaders make better decisions about what to prioritise and why. You’ll sit on the Security leadership team and work closely with peers across Product Security, Enterprise Security, and Detection and Response.

Day to day, you can expect to:

  • Drive a shared understanding of cyber risk across the security organisation and broader business so investment is focused on the controls and remediation that most reduce risk
  • Establish, manage and report on security metrics that make performance, exposure and priorities easy for the business to understand
  • Support the CISO with regular reporting to senior governance forums and provide confident, constructive challenge when priorities need to shift
  • Lead the Cyber GRC team through a shift from routine process execution to higher-value, risk-focused work
  • Directly manage the Australian team and provide functional leadership to team members in India, in partnership with their local people manager
  • Lead the Business Information Security Officer capability, including the current BISO supporting Financial Services
  • Lead the selection, business case creation and implementation of a GRC platform
  • Redesign the third-party risk process so it delivers more signal with far less effort
  • Establish automated compliance artefact collection to support efficient certification and assurance activity
  • Ensure the business understands and manages its obligations across standards including ISO 27001, PCI-DSS and SOC 2
  • Oversee the ongoing measurement of cyber maturity using NIST CSF
  • Own cybersecurity policies and key governance controls, ensuring they are pragmatic, clear and aligned to business needs
  • Establish REA’s approach to supporting minority investments with cyber advice and visibility of cyber risk
  • Support cyber due diligence on future acquisition targets

Who we're looking for:

You’re someone who loves technology and enjoys improving the way work gets done. You understand how product development organisations operate, and you know how to make the right way the simplest way.

We’re looking for someone with:

  • A track record of delivering technology-enabled change in GRC, security assurance or risk practices, with clear examples of processes you have automated, simplified or retired
  • Experience leading teams through change in ways of working
  • People leadership experience, ideally across distributed or international teams
  • Strong influencing skills and the ability to work effectively across organisational boundaries
  • Deep experience with security risk assessment and risk management frameworks, and the ability to translate technical security concepts for business audiences
  • Broad security knowledge, including awareness of current threats and attack techniques
  • Knowledge of modern product development technologies and ways of working
  • Familiarity with security frameworks such as NIST CSF and ISO 27001, and the judgement to apply them pragmatically
  • Hands-on comfort with modern tooling, including scripting, APIs or AI tools to remove manual work and improve outcomes
  • Exceptional communication skills for both technical and non-technical audiences
  • The ability to build trust and credibility quickly with senior stakeholders
  • Comfort operating in ambiguity and navigating competing priorities
  • Strong analytical and problem-solving capability

The REA experience

The physical, mental, emotional and financial health of our people is something we’ll never stop caring about. This is a place to learn and grow.

Some of our perks and benefits include:

  • A hybrid and flexible approach to working
  • Flexible leave options including birthday leave and the option to purchase additional leave
  • Flexible parental leave offering for primary and secondary carers
  • Our Because We Care program offers employees volunteering leave, community grants, matched payroll giving and our Community Café donates 100% of revenue to charity
  • Hackdays so you can bring your big ideas to life

Our commitment to Diversity, Equity, and Inclusion

We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking. If you've got the skills, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch.

Join our Talent Neighbourhood

Keen to be part of REA but didn't find a perfect match with this opportunity? Perhaps the timing isn't right? You should join our Talent Neighbourhood!

#LI-HYBRID

Skills Required

  • Proven track record delivering technology-enabled change in GRC, security assurance or risk practices, including automation or process simplification.
  • Experience leading teams through change in ways of working.
  • People leadership experience, ideally across distributed or international teams.
  • Strong influencing skills and ability to work across organisational boundaries.
  • Deep experience with security risk assessment and risk management frameworks, translating technical concepts for business audiences.
  • Broad security knowledge including awareness of current threats and attack techniques.
  • Familiarity with security frameworks such as NIST CSF and ISO 27001 and pragmatic application of them.
  • Hands-on comfort with modern tooling, including scripting, APIs or AI tools to remove manual work and improve outcomes.
  • Exceptional communication skills for both technical and non-technical audiences.
  • Ability to build trust and credibility quickly with senior stakeholders.
  • Comfort operating in ambiguity and navigating competing priorities.
  • Strong analytical and problem-solving capability.
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Richmond, Victoria
3,618 Employees

What We Do

REA Group (ASX: REA) is a leading digital business with more than 2,800 people working towards changing the way the world experiences property. We help people with all aspects of their property experience – not just buying, selling, and renting. We deliver unparalleled value to our customers with a suite of un-matched integrated products and services while providing access to the largest and most engaged audience of Australian property seekers. Our unique consumer experiences cover every stage of the property journey offering the richest content, data and insights, property valuation estimates and home financing solutions. REA is focused on supporting a sustainable future is a Climate Active certified carbon neutral organisation. Our people are the key to our success and come to work every day living our values. They are purpose driven and collaborate, which drives our innovative culture.

Similar Jobs

Dynatrace Logo Dynatrace

Solutions Engineer

Artificial Intelligence • Big Data • Cloud • Information Technology • Software • Big Data Analytics • Automation
Remote or Hybrid
Melbourne, Victoria, AUS
5600 Employees

Xero Logo Xero

Senior Data Engineer

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
2 Locations
4500 Employees

Xero Logo Xero

Staff Data Engineer

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
2 Locations
4500 Employees

Zscaler Logo Zscaler

Principal AI Security Specialist

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Hybrid
2 Locations
8697 Employees

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account