Technology Governance Officer
Working for Movember, you’ll help raise millions for men’s health (not for a CEO’s bonus). And all those dollars do a whole lotta good.
Men are dying too young – and it doesn’t have to be that way.
Around the world, men are facing a health crisis: prostate cancer, testicular cancer, poor mental health and suicide. At Movember we’re on a mission to change the face of men’s health by making it easier for men to talk, act and live longer healthier lives.

Every project, every campaign, every idea adds up to real change. You’ll be part of a moustache-powered crew who believe making an impact and having fun should go hand in hand. Your mission is calling.
DO GOOD. Work for Movember.
Your Mo-Mission (should you choose to accept it):
The Technology Governance Officer establishes, maintains, and improves Movember's technology governance frameworks across information security, AI governance, and data management. This role ensures compliance with ISO 27001, ISO 42001, NIST AI RMF, ACSC Essential 8, and regional regulations.
Serving as custodian of Movember's ISMS, AI governance framework, and data governance structures, the role provides subject matter expertise, conducts supplier assurance assessments, manages compliance audits, and drives continuous improvement.
Information Security Management System (ISMS):
Maintain and improve Movember's ISMS per ISO/IEC 27001:2022. Coordinate management reviews, manage the risk register and incident processes, and maintain policies and procedures. Conduct internal audits, coordinate external certification activities, and report ISMS performance metrics to senior management.
ISO 27001 & Security Standards Compliance:
Maintain evidence of ISO 27001:2022 Annex A compliance and coordinate Statement of Applicability reviews. Ensure ACSC Essential Eight compliance and monitor progress toward NIST CSF targets (current 3.5, target 3.8 by FY28). Maintain security control documentation and evidence repositories.
AI Governance & ISO 42001 Compliance:
Implement and maintain AI Management System per ISO/IEC 42001:2023. Administer the AI Register, facilitate risk assessments using NIST AI RMF and EU AI Act requirements, and coordinate the AI Working Group. Ensure compliance with AI Guiding Principles, develop AI governance policies, and monitor system performance against fairness and accountability metrics.
Data Governance:
Establish data governance frameworks aligned with international standards. Develop data classification schemes, coordinate DPIAs, and maintain retention schedules. Monitor compliance with GDPR, HIPAA, Privacy Act 1988, and facilitate data stewardship activities across the organisation.
Supplier Assurance:
Conduct comprehensive supplier security assessments for technology vendors. Develop assessment frameworks, evaluate vendor certifications (SOC 2, ISO 27001), and assess contracts for security clauses. Maintain approved vendor register, monitor security incidents, and provide approval recommendations to leadership.
Risk Management & Compliance Reporting:
Maintain technology risk register and facilitate risk assessment workshops. Develop risk treatment plans and prepare compliance reports for management and board. Track KRIs, coordinate regulatory responses, monitor regulatory changes, and maintain compliance evidence repositories.
Audit Management:
Develop internal audit programs for ISMS, AI governance, and data protection. Conduct internal audits, coordinate external certification audits, and manage audit findings through remediation. Prepare management responses and report results to governance committees.
Training & Awareness:
Develop and deliver security awareness training for all staff and specialized training for high-risk roles. Conduct AI governance training, maintain awareness materials, track completion rates, and promote security culture throughout the organisation.
Governance Committee Support:
Support Cyber Security Governance Group (CSG), Technology Steering Committee (TSC), and FRAC with meeting preparation and technical expertise. Prepare governance materials for executive forums and track committee action items.
Process Improvement & Documentation:
Continuously improve governance processes based on lessons learned and best practices. Maintain comprehensive documentation, develop templates and tools, benchmark against industry standards, and implement automation where appropriate.
No Moustache Required - but the following are:
• Degree in Information Technology, Information Security, or related field (or equivalent experience)
• 5+ years experience in information security, risk management, or governance roles
• Working knowledge of ISO 27001, ISO 42001, NIST frameworks, and ACSC Essential 8
• Experience conducting audits and managing compliance programs
• Understanding of AI governance frameworks and emerging AI regulations
• Knowledge of data protection regulations (GDPR, HIPAA, Privacy Act 1988)
• Experience with supplier risk assessment and vendor management
• Professional certifications (CISM, CISSP, ISO 27001 Lead Auditor, or similar) highly regarded
• Proficiency with GRC tools and platforms
• Experience working in global, multi-regional organisations preferred
Applications close 9am (AEDT), Wednesday 17th December 2025.

GOOD CAUSE:
Working for Movember, you’ll help turn ideas (and moustaches) into millions for men’s health. Every bit we raise changes the face of men’s health by funding research, improving treatments, and supporting programs that help save lives.
We’re even shaping government policies on men’s health worldwide. By meeting directly with lawmakers, and helping them understand how more investment in men’s health benefits not just men, but all the communities they serve.

GOOD VIBES:
We love weekends. That’s why our Fridays finish early for nine months of the year. But we also love our office vibe. Because here, it always feels like something big is about to happen. Be it an office-wide surprise birthday party (with cake!) or an open invite for all to hit the pub.
Come the hairy season, the energy cranks up. We’re talking celebrity visits. Live stunts on-site for TV and radio. And when we hit a fundraising milestone, the office gong might even go off. But, for those who prefer calm, no probs: hybrid working means you work where you feel best.

GOOD CREW:
Spoiler alert: we’re a no-ego, all-impact crew. That means everyone gets a say, from new starters to those leading the charge. Collaboration over hierarchies, curiosity over rigid process. And it’s true across all our offices worldwide. We work as one, sharing expertise and celebrating wins. All in the name of making the biggest impact across the globe. United, we Mo.
We offer:
- Flexible hybrid working from home and our modern Richmond office
- Finish work at 2pm on Fridays (Dec-Aug)
- NFP salary packaging (pay less tax)
- 13 weeks paid parental leave and 5 weeks annual leave
- Fun & collaborative culture with employee social events
- Free Headspace subscription and other wellbeing initiatives
- Relaxed dress code

Boy, do we know the feeling of being judged. (Over how we look, and other things that shouldn’t matter.) Being different is how we started. And it’s also helped us raise $1 billion for men’s health. So, we know the power of diverse experiences, skills and perspectives.
And another impressive number is our WGEA gender pay gap: it sits at a big, fat, round 0%. If you’ve got the relevant skills and the right attitude, let nothing stand in your way of firing off your application.
Movember is stronger when Aboriginal and Torres Strait Islander peoples are part of our crew. We want you to feel supported in exploring opportunities with us. That’s why before applying, we invite you to yarn with Raymond Rosendale, Australian Indigenous Programs Manager, in a virtual catch-up to talk about the role, our community work, or just to share ideas.
Do you want to DO GOOD?
If so, we’d love to hear from you.
- Team: IT - TechMo's
- Locations: Melbourne
- Remote status: Hybrid
- Employment Status: Full-Time
About Movember
Movember is the global leader in men’s health. Our focus is on mental health, suicide prevention, prostate cancer and testicular cancer. Since beginning over drinks at a bar in 2003 in Melbourne, we’ve expanded internationally, raised over $1 billion for men’s health and funded more than 1,320 men’s health related projects globally.