Information Security Consultant



Software Engineering, IT
Melbourne, VIC, Australia
Posted on Thursday, October 5, 2023

See yourself being part of a large, transformational change? This could be the role for you!

At Iress, we make things happen

We believe technology should help people perform better every day. Since our beginning in 1993, people across financial services have trusted us to take their performance to the next level. More than 10,000 businesses and 500,000 people use our software, from the world’s most iconic financial services brands to advice firms of all sizes, banks, insurers, investment managers, traders and brokers. Iress is one of Australia’s largest technology companies and employs more than 2,000 people across Australia, the United Kingdom, Africa, Canada, France, New Zealand and Asia.

Build your career at Iress!

Reporting into the Head of Security Risk and Assurance, this is a key role to support the implementation of the organisation's structured information security audit and improvement programme.

The role requires the individual to work closely with the Head of Security Risk and Assurance and the other members of the Information Security group to support the operation of the Iress ISMS. They will also be required to work closely with business and technical stakeholders within Iress who have operational responsibility for security activities. This may be through auditing the controls for which they are responsible, assisting them with the design or implementation of their security controls, or providing targeted security advice and awareness training.

By working with pragmatism and recognition of what the business needs to achieve, this role will help the Head of Security Risk and Assurance drive continuous improvement in the Information Security Team’s engagement across the organisation and deliver ongoing and increasing business value from the function.

Some of the awesome things you’ll be involved with:

  • Promote a business-partner approach to engagement - ensuring the function collaborates and works with (rather than polices) business teams

  • Participate and assist in maturing, streamlining, maintaining and embedding the organisation’s Information Security Management System (ISMS) - ensuring continuous yet pragmatic improvement to the non-IT (“business-facing”) elements

  • Assist in maintaining the organisation’s Information Security Management System (ISMS) artefact library

  • Assist in the preparation of information security policies, standards, procedures and guidelines

  • Participate and assist in the maintenance of ISO27001 and SOC 2 certifications

  • Participate and assist in the risk assessment internal audit programme (RAIA) and its associated processes against critical products and services provided by external suppliers, and support the tracking of remediation findings

  • Help to ensure the enterprise risk register is properly maintained and risk mitigation activities are prioritised (based on risk rating) and help to ensure Iress maintains effective awareness and monitoring of information security risks

  • Assist in socialising policy, Data Protection Impact Assessments (DPIAs), client assurance and third party supplier due diligence to all relevant areas of the organisation - empowering and educating our people to take care of their own obligations

  • Support and operate the client assurance program; perform content reviews of FAQ databases, maintain proposal material and other client facing documentation

  • Assist in the development of Client Information Packs; participate and assist with Infosec responses to Client RFPs/Bids & DDQs

  • Participate and assist in Client-led security audits, assist with scheduling, meeting logistics and follow-up of findings

  • Assist other information security team members on direct engagements with internal and external clients on information security matters

  • Assist in the running of Information Security Management Forums (ISMF) meetings

  • Participate and assist in reviews of Infosec clauses in client contracts

  • Participate and assist in the infosec Incident & Breach response process, liaising with Compliance and other teams (including other Info Sec squads) and helping to coordinate incident activity as required

  • Participate and assist in BCP & DR activities across the business based on priorities/risk, assisting with measuring and reporting on the business' readiness to respond to stated event scenarios

What you will bring:

  • Experience in creating client facing collateral and maintaining it to remain relevant for changes in technology and procedures

  • Good communication skills and ability to facilitate client facing meetings

  • Designing, assessing and implementing effective security control solutions

  • Operation and maintenance of an ISO 27001 certified ISMS

  • Performing security audits and/or technical risk assessments of systems and suppliers

  • Managing or performing an incident management and/or audit findings program

  • Exposure to eGRC systems

  • Strong understanding of current trends and developments in information security

  • Knowledge and understanding of relevant legal and regulatory requirements and guidelines (e.g. UK Data Protection Act, EU GDPR, APRA, Companies Act, Computer Misuse Act, FCA Regulation, ISO 27001, PCI DSS), IRAP and SOC 2

Why work with us?

  • 8 additional paid days per year to extend your weekends

  • Hybrid working

  • Generous cash bonus for every successful referral

  • Annual Profit Share when Iress meets its annual profit targets

  • Starting school leave - 8.5 days of leave to assist your children with the transition to school

  • Up to 26 weeks’ paid parental leave for primary carers (up to 4 weeks for secondary carers), and the ability to work part-time when returning to work

  • 3 days’ paid leave per year to participate in charity initiatives

  • Discounted health insurance premiums

  • Access to learning and development programs through Udemy

Iress is committed to fostering a welcoming and inclusive culture. We strongly believe that diversity is what makes our teams and our products succeed. Our people have different experiences, skills, perspectives and beliefs and everyone’s uniqueness is valued and celebrated.

Our hiring decisions are never based on sexual orientation, race, gender identity, religion, disability, citizenship, marital or family status and age. Even if you feel you don’t meet all of the requirements of the role, we would still like to hear from you!

We’re also proud to be globally recognised as a WORK180 Endorsed Employer that promotes and supports all women in the workplace.

For more information about what we do, our people and values, please visit our website -


Employment Type


Time Type

Full time