NSW Customer Service dept hunts CISO for 'expanded' role

The NSW Department of Customer Service is searching for a chief information security officer to take charge of cluster-wide IT security with a newly-expanded set of responsibilities.

The state government’s peak IT agency put out the call for the “new key leadership role” last week, a full eight months after its last permanent group CISO, Marco Figueroa, left the role.

Figueroa spent just over three-and-a-half years at DCS, as well as its predecessor, the then Department of Finance, Services and Innovation, before quietly departing the agency in mid-2020.

His exit came just months after the massive email compromise attack against Service NSW – a cluster agency of DCS – which exposed 736GB of data, or around 3.8 million documents.

A DCS spokesperson told iTnews that since Figueroa’s departure the CISO role has been “expanded to include greater responsibilities and accountabilities”, though did not elaborate.

“The advertised position reflects the expansion of this role, which is to be responsible for IT cyber and security management, governance, risk and compliance best practices across DCS,” the spokesperson said.

Reporting to the chief operating officer and working alongside the chief information officer, the new CISO will be expected to provide “strategic advice to build a world class cyber security capability”.

This will involve identifying any gaps in governance, risk, audit and compliance strategies and practices for DCS, as well as any shared services delivered by GovConnect to other clusters.

In addition to leading the DCS cyber security function and proactively developing solutions to mitigate risks within the agency, the CISO will “lead several cyber security project across DCS”.

It is not clear if this includes Service NSW’s cyber security uplift and remediation program, which was funded to the tune of $5 million in last year’s budget following the cyber attack.

According to the spokesperson, the CISO will also work closely with the NSW government chief cyber security officer, who is responsibile coordinating IT security at a whole-of-government level.

The successful applicant will be expected to have a “deep understanding of cyber security practices” and prior experience at a “large complex organisation”, the job ad states.

DCS is offering a remuneration package of up to $328,989 for the senior executive service band 2 level role.