NSW govt steals AUSTRAC CIO as first cyber chief

The NSW government has lured AUSTRAC IT chief Maria Milosavljevic out from her current role at the national financial intelligence agency to become its first-ever chief information security officer.

Maria Milosavljevic

The state government started recruitment for the newly-created position in January this year.

At the time it said it was looking for someone who could unite the public sector's infosec efforts.

As the state CISO, Milosavljevic will sit alongside Finance CISO Marco Figueora - who is also a new hire - but will look after infosec for the entire state government.

She will report into NSW chief information and digital officer Damon Rees when she begins the job on May 1 from Canberra.

Milosavljevic's job will be to drive a "step change" in cyber security capability across the NSW public sector, while co-ordinating response and recovery efforts within agencies, and providing strategic advice on resiliency to threats.

The NSW government today said one of Milosavljevic's first tasks would be to develop a set of standards for cyber security across government.

Milosavljevic told iTnews her focus in the role would be around both securing data and embedding a culture of infosec thinking and collaboration across the public sector.

"The ultimate priority will be keeping the NSW government and its data safe. It has a lot of very important and sensitive data, and there's all sorts of risks associated with that information," she said.

"So I'll be working to make sure that's well protected on collection, at rest, and beyond, the whole lifecycle of data.

"There'll also be a lot of work around culture, making sure that is right and agencies are working together. It's not a mandate on a hill, it's really about the community working together to come to an agreed position on what that landscape should look like."

A strong information security framework is especially key for the NSW government as it powers ahead with the digital transformation of its service delivery.

"[Security] is one of the highest risks for NSW, because obviously as you start to become more digital, you want to do so in a more secure way," Milosavljevic said.

Finance Minister Victor Dominello acknowledged the growing importance of information security across the state's agencies.

“Cyber risk and security has emerged as one of the most high profile, borderless and rapidly evolving risks facing Government, so the GCISO position is vital to strengthening the NSW government’s cyber security," he said in a statement.

Milosavljevic had been at AUSTRAC for just under two years. Prior to that she served for two-and-a-half years as the CIO at the Australian Crime Commission, where she was named a finalist in the 2014-15 Benchmark Awards for her work on the Fusion project.

At both AUSTRAC and the Crime Commission Milosavljevic was responsible for whole-of-agency information security as part of her executive role.