Job Title

Director of Security @ Fashion ECommerce Join us to bring the future of shopping to our customers across Australia and New Zealand. We are a diverse and dynamic community of over 1,000 people working towards our purpose "To bring on the future of shopping". We are people and planet positive, and we strive towards creating a positive impact in the world by driving genuine and meaningful change for the better of all communities involved. About The Role We are seeking an experienced and strategic Director of Security to define and drive our company-wide security strategy, ensure regulatory compliance, and lead incident response and risk management efforts. Responsibilities Define, own and execute the company''s security strategy and roadmap, aligned with GFG''s security strategy and overall business objectives. Oversee and ensure compliance with relevant security standards and regulations (e.g., GDPR, NIST CSF, ISO or similar frameworks). Lead incident response playbooks, coordinate post-incident reviews, and implement improvements to minimise impact and protect assets. Conduct risk assessments and vulnerability management to reduce risk exposure through timely identification and mitigation. Embed security early in product lifecycle by partnering with product, engineering and IT teams. Work closely with GFG Security, IT and other business teams to align security priorities with broader initiatives and timelines. Lead company-wide security awareness programmes and training to uplift security practices across the organisation. Report regularly to senior leadership and the board on security posture, KPIs, high-risk vulnerabilities and incident responses. Influence roadmaps and priorities across functions; balance security requirements with business objectives while exercising decision rights where applicable. Qualifications Significant experience leading security teams and owning company-wide security programmes. Strong background in risk management, vulnerability assessment, incident response and cyber recovery. Experience implementing and managing controls for GDPR, NIST CSF and ISO (or similar frameworks). Demonstrable ability to influence engineering, product and non-technical stakeholders and shape roadmaps. Excellent capability to translate security risks and priorities for non-technical leadership and board-level audiences. Experience developing incident playbooks, running post-incident reviews and driving continuous improvement. Experience working at scale in retail, e-commerce or global organisations. Handson background in cloud security (AWS, Azure, GCP), application security and secure development practices (DevSecOps). Experience aligning local / regional security requirements with a global security strategy. Benefits Flex Your Way Hybrid working options so you can slay your day wherever works best for you! #J-18808-Ljbffr