Join a remote and distributed leadership team to help uplift, educate, mature and maintain an enterprise-grade cyber security culture that continuously strengthens the protection and compliance of the underlying platforms, people and processes responsible for hosting our governments’ information and services for citizens.

Strong experience in security policies, compliance, consultation, education, cyber threats and thought leadership is essential.

Strong capability in driving enterprise-grade security change programs is essential with experience in the application of risk-based approaches to security compliance, such as those needed for the Australian Government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF), is highly desired.  

As a senior member of our leadership team, it’s essential you’re comfortable pushing the boundaries and setting high security standards, respectfully challenging, and being respectfully challenged. 

Remote working, flexible hours, an open ethos, and an authentic values-based culture and purpose are further benefits we offer.

While we love, appreciate and embrace diversity, a requirement of this position is that the successful candidate must be an Australian citizen, as mandated by many of our government clients.

About Salsa Digital

First and foremost we are an authentic bunch of great humans driven by purpose, by values and by people. 

We are a digital innovation company with a strong presence in Australian government focusing on GovTech, CivicTech and Open Data. 

With an 18-year legacy in open source, born out of Victoria, Australia, we have recently become a fully remote and distributed team made up of digital engineers and specialists from across the globe. 

Our authentic purpose (our vision) is what drives us: to help governments become more open, more connected and more consolidated. To realise this vision we partner with governments across Australia to help them digitally transform, better engage with citizens, and open up to co-create and co-innovate with industry.

We’re pleased to have delivered, and continue delivering, many large-scale, whole-of-government Drupal CMS and CKAN open data platforms across multiple jurisdictions throughout Australia.  We’re also pleased to be the official service delivery partner for GovCMS on behalf of the Australian Federal Government, and Single Digital Presence and Data.Vic on behalf of the Victorian Government.

Our crew, aka Salsarians :), are pretty amazing! They work hard and have fun while staying true to our company values of:

  • Rigour
  • Mutual Respect
  • Transparency
  • Personal Growth
  • Accountability
  • Commercial Outcomes
  • Fresh Thinking
  • Authenticity  

Key responsibilities

Responsibilities include:

  • Ramping up within complex, enterprise-grade, technical environments quickly.
  • Aligning with regulatory frameworks — becoming aware of regulatory requirements such as ISM/IRAP (for GovCMS) and whole-of-Victorian-government cyber security strategies (for example, VicGov Cloud Security Guidelines (CISO-Guidance-01) and the implication of these frameworks across people, process and technology.
  • Identification of SecOps vulnerabilities and exposures — proactive identification of gaps and/or exposures in security posture of technical solutions and considered recommendations to address
  • Determining SecOps opportunities via an understanding of present security pain points and exposures for each major program of work. Driving the delivery of a backlog of security risk mitigation actions and initiatives across each program
  • Maintaining an active SRMP (Security Risk Mitigation Plan) and SSP (System Security Plan) for each major program of work. Driving the actions to deliver on planned activities of the SRMP.
  • Collaborating with other technical stakeholders to determine optimal technical solution pathways and producing appropriate documentation. Providing a security perspective as required.
  • Working with the Product Owner (platform) to help plan and communicate the product roadmap providing input into business imperative features from a security perspective.
  • Building authentic open relationships with stakeholders — supporting a project/program culture with open communication, trust and respect  
  • Represent Salsa’s strong open ethos and brand to establish new trusted relationships and nurture existing ones.

Skills (must haves)

  • Australian citizenship, as required by our government clients
  • Enterprise-grade security experience in digital programs, ideally within government
  • Practical knowledge and experience of relevant security frameworks such as ISM/IRAP, WoVG technical policies and standards and/or OWASP
  • Strong working knowledge of digital web technologies including application, DevOps, hosting and containerisation technologies (Kubernetes)
  • Strong problem solving skills
  • Ability to speak authoritatively on complex technical matters, in particular security principles, risks and solutions
  • Exceptional communication with customer and internal managers — listening and providing answers
  • Ability to build good working relationships with all program stakeholders
  • Ability to gather and assimilate information
  • Ability to adapt and prioritise
  • Experience working on projects/programs using agile methodologies
  • 2+ years as a CISO or senior security consultant
  • Practical experience with complex technical solutions and achieving ISM/IRAP certification
  • Execution as a CISO in complex regulatory environments
  • Demonstrated experience in current-state, future-state and transition-to-future-state of internal security systems and processes


  • Attractive salary package
  • Work from home 
  • Flexible working hours
  • Opportunity for career development
  • Be supported by a group of diverse, fun, passionate and genuinely good people
  • A flat and transparent organisational culture where you get answers, FAST!
  • Refer-a-friend Employee Benefits Scheme
  • Opportunity to earn an annual bonus

Want to know more?

You may like to:

  • Read some recent case studies to get an idea of the types of project you could be working on
  • Read our latest Insights for thought leadership pieces


Contact Angela Rako (human resources) on 03 9910 4839 or apply online using the form below.

Apply now