Head of Third Party Risk Management – Cyber Security Resilience

The Star Entertainment Group (TSEG) is a publicly listed company on the ASX. Our purpose is to create fun at trusted destinations and our aim is to deliver sustainable outcomes for our guests, our Team Members, the communities in which we exist and our shareholders. We do this by providing entertainment, gaming, and leisure experiences in a safe, responsible, and ethical way. We will do this by embedding our values to lead the organisation with a focus on safer gambling and good business practices. 

Our properties across Brisbane, the Gold Coast and Sydney are world-class with many award-winning hotels, restaurants, bars, and entertainment venues.  

As our Head of Third Party Risk Management reporting to the Chief Information Security Officer, you will be responsible for building and leading a comprehensive program that safeguards the organisation from security vulnerabilities associated with third-party vendors.

This is a fantastic opportunity where you will be developing and implementing a vendor lifecycle management process with robust security practices, overseeing assessments of third-party security posture, and establishing clear contractual obligations for data security and incident disclosure

A few of your responsibilities:

• Lead the development and implementation of a comprehensive TPRM encompassing vendor lifecycle management, security risk assessments, contractual obligations, and ongoing program improvement.
• Collaborate with key stakeholders across the organisation to understand security requirements for different third-party relationships and define clear guidelines governing those engagements (data security, incident response, regulatory compliance).
• Stay up to date on evolving cyber threats, industry best practices, and regulatory requirements for TPRM.
• Develop and implement a vendor lifecycle management program that integrates cybersecurity best practices throughout the engagement process (onboarding, ongoing monitoring, offboarding).
• Oversee the development and implementation of a standardised approach for evaluating third-party security posture, including reviewing security questionnaires, independent certifications (SOC II, ISO 27001, PCI DSS), penetration tests & vulnerability assessments.

What we are looking for:

• Minimum 5-7 years of experience in third-party risk management or a related role.
• Proven track record of developing and implementing successful third-party security risk management programs.
• Strong understanding of cybersecurity best practices and frameworks (e.g., NIST CSF, ISO 27001).
• Excellent analytical and problem-solving skills.
• Experience in contract management and vendor relationship management is a plus.

About you:

You have a strong background in managing third-party relationships and building solid connections with multiple organisations and stakeholders. Additionally, you possess deep expertise in managing cyber threats, ensuring robust security measures are in place to protect organisational assets

Your role will be pivotal in driving impactful outcomes and shaping future solutions by improving the effectiveness of the third-party risk management program, identifying opportunities for optimisation and automation.

What we can offer you:

• Complimentary meal on site every day including hot meals, sandwich bar and more.
• Flexible working arrangements
• Up to 30% discounts across award winning restaurants and accommodation
• An organisation that values diversity, teamwork and being your best self.
• Diversity & Inclusion areas of focus including Multicultural, Gender, Aboriginal & Torres Strait islander and LGBTQI+
• Extraordinary growth opportunities personally and professionally
• Opportunity to work with elite professionals and assets

Please be aware that eligibility checks are required as part of the recruitment process and ongoing employment for this position.

Our culture:

Each team member is expected to champion The Star’s Purpose, Values, and Principles (PVP), which serve as the cornerstone of The Star’s culture.   

Our purpose is to create fun at trusted destinations. This commitment involves living our values of Build memorable connections, Own It, Lead with Integrity, and Take good care.  

We welcome applications from all cultures, ages, religions, genders, LGBTQI+ people, Australia’s First Nations Peoples, and people with disabilities. We recognise the distinctive challenges that trans and gender-diverse applicants may encounter during the recruitment process.  We offer a range of flexible working options for team members to find a balance between work and life that’s right for them and their unique well-being needs.   

The Star was awarded WGEA Employer of Citation for Gender Equality (2022-24) and has been recognised as a 2024 GOLD Employer by the Australian Workplace Equality Index (AWEI), which evaluates LGBTQI+ inclusiveness in the workplace. 

It’s your time to SHINE! 

Click on the link below to make your next career move with The Star.