- Lead the next evolution of cyber GRC at REA through platform, automation and smarter risk reporting
- Shape how a product-led technology organisation understands and reduces cyber risk
- Lead a distributed team across Australia and India while partnering closely with senior leaders
We're REA
With bold and ambitious goals, REA Group is changing the way the world experiences property. No matter where you're at on your property journey, we're here to help with every step – whether that's finding or financing your next home. Our people are the key to our success. At the heart of everything we do is a thriving culture centred around high performance and care. We are purpose driven and collaborative, which drives innovation and our ability to make a real impact.
As such, we’re proud to have been named one of Australia’s Best Workplaces four times since 2021 — including third place in 2025 — plus Best Workplace for Women in 2023 and Best Workplace in Technology in 2024 and 2025. These listings are testament to every person who helps make REA a great place to work.
Where the team fits in
Our Cyber Governance, Risk and Compliance team exists to ensure REA has a shared understanding of cybersecurity risk, a practical approach to compliance, and a policy and control environment that is simple to understand and apply.
This team is already well established, but the way it works needs to evolve. That evolution is at the heart of this role. You'll be the person our leaders turn to when deciding what to work on next - driving a shared understanding of our cyber risks.
What the role is all about
This is a rare opportunity to reshape how cyber GRC is done inside a modern product and technology business. Over your first year, you will make the case for and implement a GRC platform, overhaul how we measure and report cyber risk, automate compliance evidence collection, and modernise or replace existing processes so the team’s time is invested where it most reduces risk.
You’ll be the clearest voice on cyber risk at REA, helping leaders make better decisions about what to prioritise and why. You’ll sit on the Security leadership team and work closely with peers across Product Security, Enterprise Security, and Detection and Response.
Day to day, you can expect to:
- Drive a shared understanding of cyber risk across the security organisation and broader business so investment is focused on the controls and remediation that most reduce risk
- Establish, manage and report on security metrics that make performance, exposure and priorities easy for the business to understand
- Support the CISO with regular reporting to senior governance forums and provide confident, constructive challenge when priorities need to shift
- Lead the Cyber GRC team through a shift from routine process execution to higher-value, risk-focused work
- Directly manage the Australian team and provide functional leadership to team members in India, in partnership with their local people manager
- Lead the Business Information Security Officer capability, including the current BISO supporting Financial Services
- Lead the selection, business case creation and implementation of a GRC platform
- Redesign the third-party risk process so it delivers more signal with far less effort
- Establish automated compliance artefact collection to support efficient certification and assurance activity
- Ensure the business understands and manages its obligations across standards including ISO 27001, PCI-DSS and SOC 2
- Oversee the ongoing measurement of cyber maturity using NIST CSF
- Own cybersecurity policies and key governance controls, ensuring they are pragmatic, clear and aligned to business needs
- Establish REA’s approach to supporting minority investments with cyber advice and visibility of cyber risk
- Support cyber due diligence on future acquisition targets
Who we're looking for:
You’re someone who loves technology and enjoys improving the way work gets done. You understand how product development organisations operate, and you know how to make the right way the simplest way.
We’re looking for someone with:
- A track record of delivering technology-enabled change in GRC, security assurance or risk practices, with clear examples of processes you have automated, simplified or retired
- Experience leading teams through change in ways of working
- People leadership experience, ideally across distributed or international teams
- Strong influencing skills and the ability to work effectively across organisational boundaries
- Deep experience with security risk assessment and risk management frameworks, and the ability to translate technical security concepts for business audiences
- Broad security knowledge, including awareness of current threats and attack techniques
- Knowledge of modern product development technologies and ways of working
- Familiarity with security frameworks such as NIST CSF and ISO 27001, and the judgement to apply them pragmatically
- Hands-on comfort with modern tooling, including scripting, APIs or AI tools to remove manual work and improve outcomes
- Exceptional communication skills for both technical and non-technical audiences
- The ability to build trust and credibility quickly with senior stakeholders
- Comfort operating in ambiguity and navigating competing priorities
- Strong analytical and problem-solving capability
The REA experience
The physical, mental, emotional and financial health of our people is something we’ll never stop caring about. This is a place to learn and grow.
Some of our perks and benefits include:
- A hybrid and flexible approach to working
- Flexible leave options including birthday leave and the option to purchase additional leave
- Flexible parental leave offering for primary and secondary carers
- Our Because We Care program offers employees volunteering leave, community grants, matched payroll giving and our Community Café donates 100% of revenue to charity
- Hackdays so you can bring your big ideas to life
Our commitment to Diversity, Equity, and Inclusion
We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking. If you've got the skills, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch.
Join our Talent Neighbourhood
Keen to be part of REA but didn't find a perfect match with this opportunity? Perhaps the timing isn't right? You should join our Talent Neighbourhood!
#LI-HYBRID