APRA looks for new CISO


The Australian Prudential Regulation Authority (APRA) is set to hire a chief information security officer to “maintain, improve, and manage” security at both a strategic and business-as-usual level.



The hire comes after APRA, alongside the Australian Securities and Investments Commission, netted around $130 million for cyber security uplifts over the next four years. 

APRA does not appear to have had a C-level security leader since May 2022, when former chief security officer Mikhail Lopushanski exited the regulator to join Heritage Bank.

The CSO role has not been listed on APRA org charts for several years, although it did appear, coinciding with Lopushanski’s tenure, in its 2020-2021 report [pdf].

An APRA spokesperson declined several invitations to comment on who had led cyber security between then and now, and how it had organised those responsibilities.

The CISO will work closely with APRA’s CIO Rogier Roelofs and chief data officer Andy Robertson.

According to a job advertisement, the CISO role requires “significant leadership capability connecting and collaborating with key stakeholders, leading transformational change, and in building relevant capability within the team and externally”.

Key stakeholders include the Australian Cyber Security Centre, the Department of Home Affairs, ASIC and the Reserve Bank of Australia.

As well as security governance, information security and personnel vetting, the new CISO will be responsible for monitoring and responding to security threats and incidents via APRA’s security operations centre.


