Your new company
South Australia Police (SAPOL) provides a diverse range of services to the community. These services are aimed at producing a safe and peaceful environment by the minimisation of crime and disorder. It is a large complex organisation which, because of the nature of its operations, is constantly subject to public scrutiny and accountability. It provides services to a range of different locations (over 100) spread across the State on a 24 hour a day basis.
The IS&T Service is responsible for the provision of IT, cyber security and communications services and is therefore vital to the achievement of SAPOL’s core objectives. In consultation with its customers, IS&T plans, delivers, secures and supports new and existing technology services.
Your new role
The Manager, Cyber Security Operations will work within the Information Security Branch and will lead the team responsible for identifying, triaging, and managing potential and actual cyber security incidents. The role will be instrumental in uplifting SAPOL’s incident response maturity and capability, leveraging modern tools for incident monitoring, investigation, and automated response.
This function will ensure SAPOL can rapidly detect and respond to cyber threats while embedding continuous improvement processes to prevent recurrence and strengthen overall cyber resilience. The role will collaborate closely with internal IT teams, external agencies, and law enforcement partners as required to ensure coordinated and effective incident response outcomes.
The Manager, Cyber Security Operations will also develop and maintain the Cyber Security Incident Response Plan (CSIRP), associated response playbooks, metrics, and reporting processes to ensure SAPOL meets compliance obligations and industry best practices. It will also oversee and manage SAPOL’s Security Incident and Event Management system to ensure detection and management of events and incidents is functioning effectively.
What you’ll need to succeed
- Demonstrated experience leading cyber security incident response functions in large or complex ICT environments, preferably government or critical infrastructure.
- Proven ability to manage and lead the full incident response lifecycle, from detection to containment, eradication, and recovery.
- Strong technical understanding of incident response methodologies, threat intelligence, vulnerability management, and digital forensics principles.
- Keen interest and understanding of current and emerging cyber threat actor tactics, techniques and procedures.
- Hands-on experience with SIEM and SOAR tools, including use cases for alerting, threat hunting, and automated response.
- Knowledge of contemporary security frameworks and standards (e.g., ISM, NIST CSF, MITRE ATT&CK, Essential Eight, ISO 27035).
- Experience developing incident response plans, playbooks, and escalation pathways for critical systems and services.
- Proven ability to coordinate and lead during high-pressure incidents, engaging with technical teams, executives, and external stakeholders.
- Excellent written and verbal communication skills, including the ability to produce clear incident reports, executive briefings, and post-incident recommendations. Ability to translate deep technical knowledge and data into strategic intelligence for senior and executive leaders.
Desirable Characteristics
- Experience conducting cyber incident simulations, red team/blue team exercises, or crisis management scenarios.
- Exposure to cloud-native environments and hybrid security monitoring solutions.
- Industry certifications such as GCIH, GCFA, CISSP, CCSP, Azure Security Engineer, or equivalent.
- Experience uplifting incident response maturity in a managed service or federated environment
Special conditions
- The incumbent must hold a current Australian citizenship and will be subject to a criminal history check.
- The incumbent may be assigned to other duties at this remuneration level or equivalent.
- Some out of hours work and intra/interstate travel may be required.
- The incumbent is required to participate in SAPOL’s iEngage program .
Salary
ASO8 - $121,107 - $125,679 per annum plus super.
Enquiries
Bianca Holmes
(08) 8100 1784
Bianca.Holmes@harrisonmcmillan.com.au
Application Instructions
All applications must be submitted online.
Applicants must submit a covering letter (two pages) addressing the essential minimum requirements of the role outlined in the Position Information Document, a current resume and the contact information of three referees including your current line manager.
Applicants external to SAPOL must complete an RF2099 Pre-Employment Declaration Form and submit this with their application.
South Australia Police is an equal opportunity employer committed to providing a working environment that embraces and values diversity and inclusion.
Aboriginal and Torres Strait Islander People and people with disability are strongly encouraged to apply.
The South Australian public sector supports flexible ways of working including part-time working arrangements wherever reasonably possible. The sector is diverse and desires to increase in diversity and to create opportunities for more South Australians.
We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive workplace. If you have any support or access requirements, we encourage you to advise us at the time of application
