Information Security Architecture Lead

Posted Date: 30 Jan 2026

Location: Melbourne, VIC

Company: HESTA Super Fund

Careers with Impact

 

More than one million Australians trust HESTA with their money. HESTA is a top-performing industry super fund working for real-world impact. We use our expertise and influence to deliver strong long-term returns while accelerating our contribution to a more sustainable world.

 

HESTA is also an inspiring and rewarding place to work. That’s because what we do makes a difference to the lives of our members. The people who work at HESTA are not only exceptional at what they do, they’re focused on living and creating a strong organisational culture. We’re an industry super fund dedicated to the people who keep our communities going. People who provide some of the best health, education and community services in the world are HESTA members – and we are proud to serve them.

 

Bring your authentic and passionate self to this exceptional role #careerswithimpact

 

Lead security with purpose and impact. We’re looking for an experienced Information Security Architecture Lead who is ready to lead security architecture in a way that is pragmatic, inclusive, and future focused. This is more than a technical role – it’s an opportunity to shape how security enables innovation, trust and resilience across a purpose-driven organisation.

 

As a senior member of HESTA’s Information Security/Cybersecurity team, you’ll play a pivotal role in maturing our security architecture capability in a greenfield-to-maturing environment within a highly regulated industry. You’ll embed secure-by-design and Zero Trust principles into technology delivery, guide complex architectural decisions, and ensure security is an enabler of our digital ambition.

 

Reporting to the Information Security Architecture Strategy and Engineering Manager and working collaboratively with various business teams, senior stakeholders and external vendors, you’ll support and mentor the security architecture team as our capability continues to grow.

 

What You’ll Do 

 

  • Security architecture advisory: provide design guidance to project and delivery teams, ensuring alignment with HESTA’s standards, risk appetite, policies and regulatory obligations.
  • Architecture reviews and threat modelling: partner with Enterprise Architecture to review proposed solutions, identify risks and threats, and recommend mitigations with clear decision traceability.
  • Evaluate and shape guardrails for emerging technologies (including AI/ML), ensuring innovation is implemented safely and responsibly.
  • Threat-informed design: monitor external threat intelligence and industry developments and translate them into actionable architecture patterns and proactive security strategies that protect members and build trust.
  • Develop and maintain security standards, control baselines, reference architectures and reusable patterns across applications, data and infrastructure – embedding Secure-by-Design and Zero Trust principles.
  • Lead cyber risk assessments, integrating with enterprise risk management and the 3 Lines of assurance risk framework.
  • Collaborate with various business teams, senior stakeholders, and external vendor partners to align cybersecurity strategy with enterprise objectives.

 

What You’ll Bring

 

  • Extensive experience in a similar senior/lead information security or cybersecurity architecture role, ideally within superannuation, financial services or other regulated environments.
  • Demonstrated track record of building and maturing security architecture practices – operating models, standards, patterns and playbooks – particularly in greenfield or evolving environments.
  • Strong security architectural capability across complex, multi-domain technology landscapes, with the confidence to resolve design trade-offs.
  • Experience delivering multi-cloud security architecture (identity, encryption, segmentation, logging, IaC, data security).
  • Experience leading, coaching and mentoring security architecture teams, fostering capability growth, collaboration and continuous improvement.
  • Strong problem-solving capability and the confidence to navigate both ambiguity and competing priorities.
  • Excellent communication, presence, and gravitas with the ability to engage and influence at all levels.
  • Deep understanding of risk and compliance frameworks (e.g. NIST CSF, ISO 27001, CIS, APRA CPS 234) and Zero Trust models.
  • Knowledge of API-centric architecture and API security (WAF, API gateways, OWASP API Top 10); network security (VPC/VNet, micro-segmentation); data security and privacy (classification, DLP, encryption, tokenisation, DPIAs).
  • Tertiary qualifications in IT, Cybersecurity or a related discipline.
  • Industry certifications (e.g. CISSP, SABSA, TOGAF, CISM, CRISC, GIAC) and cloud certifications (AWS, Azure, GCP) are desirable.

 

Benefits that matter and make a difference for our employees
 

  • Leave for those moments that matter: an additional 6 days of leave at the end of year, up to 6 days paid volunteer leave, gender neutral paid parental leave of 20 weeks, Gender Affirmation leave, reproductive health and wellbeing leave, and Cultural and Ceremonial leave. Access your LSL after 3 years, take AL at half pay, and purchase up to 2 weeks additional leave (just to name a few).
  • Your professional development matters: up to $5k per year professional development and up to 8 days professional development leave, HESTA scholarships and free access to a range of premium learning tools.
  • Your health and wellbeing matters: free annual flu shots and skin checks, incredible social events throughout the year and a comprehensive employee assistance program available 24/7.
  • Your financial wellbeing matters: up to 15% super, financial planning support, end of year payment for all Enterprise Agreement-covered employees, incentivised Employee Referral Program and novated lease options.
     


We celebrate, value and include people of all backgrounds, genders, identities, cultures and abilities. We welcome and support applications from First Nations people, people who are physically, neuro or culturally diverse, LGBTQI+ people, and people of any age. We are proud to be WGEA accredited as an Employer of Choice for Gender Equity.
 

We want all candidates to feel safe, included and provided with the best opportunity to thrive. If you require reasonable adjustments during your application or throughout the recruitment process, please reach out to a member of the Talent team at careers@hesta.com.au and we’ll call you to discuss.
 

Please note: Applications via recruitment agencies will not be accepted for this position.