The Opportunity
Reporting to the Chief Operating Officer - Cyber, the Head of Assurance Services holds a pivotal position: growing the Assurance practice through effective management of the established team, providing ongoing thought leadership, and expanding product offerings and revenue streams.
A major function of the role is to meet specific financial targets for the Assurance division. This will be achieved through successful account management and outstanding engagement and relationship management for our customers at all times, while consistently delivering projects on time, on budget and to an exceptional standard of quality.
Leveraging deep technical and security experience, the Head of Assurance Services is integral in leading the organisation’s Assurance Professional Services offerings - encompassing both strategic and BAU projects and deliverables, whilst ensuring alignment with best practice security methodologies and industry standards.
The Head of Assurance Services will be responsible for ensuring a successful go-to-market strategy and the delivery of successful projects for our customers, on time and on budget. Key to this role will be the ability to lead by example, using your strong technical aptitude and leadership skills to take our established Assurance team to the next level through upskilling, new methodologies and mentorship.
This is also a hands-on leadership role. Whilst leading the team, you will be required to oversee and assist with mentoring team members in offensive testing against client applications and network assets (including both manual and automated testing) to find exploitable vulnerabilities. These projects will involve working with a variety of testing tools to probe an organisation’s network, attempting to find any areas which are vulnerable to attack and identifying the methods by which attackers could exploit security flaws.
Collaborating with the Sales and Pre-Sales teams, the role will provide pre-sales and post-sales support in identifying customers’ wants and needs by drawing on your extensive industry knowledge of Assurance best practice applications, principles and standards.
Responsibilities
- Team Leadership and Development: Lead, mentor, and develop a high-performing team of offensive security consultants, ensuring continuous skill development, career progression, and industry certification advancement whilst maintaining high team engagement and retention.
- Service Delivery Excellence: Oversee end-to-end delivery of all offensive assurance services including penetration testing, red team engagements, and other security assessments ensuring projects are delivered on time and exceed client expectations through rigorous quality assurance and technical oversight.
- Technical Innovation and Research: Drive continuous improvement in offensive security methodologies, tools, and techniques by staying current with emerging threats, attack vectors, and industry best practices whilst fostering a culture of research and knowledge sharing within the team.
- Business Development and Growth: Collaborate with sales teams to scope and price offensive security engagements, develop service offerings that align with market demands, and achieve revenue and utilisation targets whilst maintaining competitive positioning.
- Quality Assurance and Standards: Establish and maintain technical standards, testing methodologies, and deliverable templates that ensure consistent, high-quality output across all engagements whilst meeting regulatory and compliance requirements.
- Client Relationship Management: Develop client relationships as a trusted advisor by deeply understanding their security objectives, risk tolerance, and compliance requirements, ensuring offensive security engagements are strategically aligned with their broader cyber security goals and deliver measurable security outcomes.
- Resource Planning and Operations: Manage consultant allocation, project scheduling, and capacity planning to optimise team utilisation whilst ensuring appropriate skill matching for complex engagements and maintaining work-life balance.
- Strategic Planning and Reporting: Develop and execute the offensive security service strategy, provide regular performance metrics to executive leadership, and contribute to organisational security posture through internal assessments and risk management initiatives.
Measurement of Success:
- Financial Performance: Achieving specific financial targets for the Assurance division through successful account management and delivering projects on time, on budget, and with exceptional quality.
- Customer Satisfaction: Maintaining excellent Net Promoter Score (NPS) and customer feedback for the Assurance team, addressing areas for improvement as required.
- Project Delivery: Ensuring successful delivery of Assurance services to clients, meeting deliverables and milestones as per agreed Statements of Work (SOWs) on time and budget.
- Quality Control: Meeting and maintaining Quality Control standards throughout each engagement.
- Customer Relationships: Developing and maintaining strong relationships with customers, acting as a trusted advisor on their security strategy.
- Innovation and Best Practices: Delivering innovative, best practice penetration testing services and solution capabilities.
- Internal Security Standards: Maintaining internal security standards and the confidentiality of customer materials, verified through annual internal reviews and gap assessments.
Key Competencies and Experience:
- Mandatory tertiary qualification (such as a degree in cyber security, computer science, or equivalent).
- Recognised security certifications (such as OSCP, OSCE, CREST CRT/CCT, GIAC, CEH) are highly desirable.
Skills:
Leadership Experience
- 7-10 years of progressive experience in offensive security consulting roles
- Minimum 5 years in leadership positions managing security assessment teams
- Proven ability to lead and develop geographically distributed teams
Technical Expertise
- Extensive hands-on experience in penetration testing across web applications, internal infrastructure, and external environments
- Proficiency with diverse penetration testing tools, frameworks, and methodologies (both commercial and open-source)
- Red team or adversarial simulation experience highly regarded
- Solid understanding of information security standards and frameworks (ISO 27001, NIST, OWASP)
Qualifications and Certifications
- Tertiary qualification in computer science, cybersecurity, or equivalent field
- Minimum two advanced offensive security certifications (OSCP, OSCE, CREST CRT/CCT, GIAC)
- Additional recognised security certifications (CEH, CISSP) advantageous
Strategic and Communication Skills
- Demonstrated experience developing and executing cybersecurity strategies
- Exceptional written and verbal communication skills with ability to present complex technical concepts to diverse audiences
- Proven track record building strong relationships with clients, executives, and key stakeholders
- Experience preparing formal security reports and executive-level presentations
Business Engagement
- Strong analytical and organisational capabilities
- Experience with budget management and resource planning
- Understanding of IT governance, policies, and procedural frameworks
- Demonstrated ability to align security initiatives with business objectives
Personal Attributes:
Leadership and People Management
- Proven leadership capabilities with experience mentoring and developing high-performing teams
- Strong stakeholder management skills across technical and executive audiences
- Ability to set clear goals, motivate team members, and identify individual development opportunities
- Hands-on leadership approach with willingness to support team delivery when required
Communication and Relationship Building
- Exceptional verbal and written communication skills
- Ability to establish and maintain strong relationships with internal teams and external partners
- Capable of aligning cybersecurity initiatives with broader business objectives
Professional Excellence
- Outstanding time management and organisational capabilities
- Strong project delivery skills with high attention to detail
- Demonstrated accountability and ownership mentality
- Ability to perform effectively under pressure whilst maintaining quality standards
Adaptability and Growth Mindset
- High aptitude for learning emerging technologies and industry developments
- Flexibility and adaptability to changing business requirements
- Willingness to embrace new challenges and innovative approaches
- Openness to comprehending and implementing new technologies and processes
Collaboration and Autonomy
- Ability to work autonomously whilst contributing effectively to collaborative team environments
- Experience working within agile delivery methodologies
- Strong sense of responsibility for driving issues to resolution
Platform and software knowledge:
Offensive Security Tools and Frameworks
- Exploitation and command-and-control frameworks (Metasploit, Cobalt Strike, Havoc)
- Vulnerability assessment tools (Nessus, OpenVAS)
- Network reconnaissance and enumeration tools (Nmap, Masscan, Recon-ng)
- Web application testing tools and frameworks (Burp Suite Professional, OWASP ZAP, SQLmap, Nikto)
- Social engineering and phishing platforms (Gophish, SET, Evilginx, Microsoft Attack Simulator)
Target Environment Technologies
- Cloud platforms and security services (AWS, Azure, GCP security configurations)
- Enterprise directory services (Active Directory, Azure AD (now Microsoft Entra ID), LDAP)
- Network infrastructure components (firewalls, routers, switches, VPNs)
- Virtualisation and containerisation technologies (VMware, Docker, Kubernetes)
- Operating systems hardening and exploitation (Windows, Linux, macOS)
Security Architecture and Controls
- Identity and access management systems (SSO, MFA, PAM solutions)
- Endpoint detection and response (EDR) platforms
- Network segmentation and monitoring technologies
- SIEM/SOAR platforms and detection capabilities
- Application security controls and API security frameworks
Compliance and Risk Frameworks
- Australian government security frameworks (Essential Eight, ISM, PSPF)
- International standards (ISO 27001, NIST Cybersecurity Framework)
- Industry-specific compliance requirements (PCI DSS, HIPAA, SOX)
- Risk assessment methodologies and threat modelling approaches
Business and Project Management Tools
- Project management platforms (ServiceNow, Confluence, M365 apps)
- Client relationship management systems
- Reporting and documentation tools
- Resource planning and scheduling software
How to Apply
Please send resumes to: pauline.tabirara@infotrust.com.au