| Remuneration: | market-related |
| Location: | George |
| Job level: | Senior |
| Type: | Permanent |
| Reference: | #BH-474 |
| Company: | Badger Holdings |
Job description
Information Security Senior Analyst
Location: George, South Africa
About Pacific International Insurance
Pacific International Insurance has been helping Australians protect what matters for over 20 years. Backed by the global strength of Badger International, an insurance organisation with international interests, Pacific delivers trusted, quality insurance products across Australia and New Zealand, with full international endorsement. As an Australasian insurance underwriting company, Pacific offers a range of personal and business insurance solutions across various brands.
Pacific's business philosophy is to provide soft landings through all interactions with partners, customers, community, staff, and the broader industry, and this commitment sits at the core of every product we build and every service we deliver. This is a business that values analytical rigour, commercial integrity, and people who want to do meaningful work in a collaborative, high-output environment.
About the role
We are looking for a dedicated professional to join our team as Information Security (IS) Senior Analyst. This role is a core member of Pacific's IS function, delivering activity across governance, risk, and assurance. Reporting to the head of information security, the role maintains the IS Policy Framework (ISPF) and IS Control Library, delivers Pacific’s systemic control testing program, conducts IS risk assessments, leads IS issue and finding management, and supports Pacific's compliance with APRA CPS 234 ‘information security’. The role facilitates the information security working group (ISWG) governance forum, provides guidance and mentoring to the IS Analyst, and contributes to the development of Pacific's IS strategy and roadmap. Working with autonomy and engaging stakeholders across technical and non-technical audiences, the IS Senior Analyst will help embed an information security-aware culture and support the function's maturing governance remit.
Key responsibilities:
Strategy, roadmap and investment
- Contribute to the development of Pacific's IS strategy and roadmap, drawing on control testing outcomes, assurance findings, and regulatory developments.
- Perform business-as-usual activities, along with active involvement in supporting the IS strategy and roadmap to ensure Pacific’s information security obligations are delivered across the function.
People leadership and function development
- Contribute to a collaborative culture, setting a positive example and representing the team.
- Proactively develop IS knowledge and capability, engaging with development opportunities as agreed with the Head of Information Security.
- Provide guidance and mentoring to the IS Analyst, supporting their development in governance and risk practices.
- Identify and suggest improvements to IS team processes, templates, and coordination tools to support function efficiency and maturity.
- Operate effectively as part of a small, cross-functional team, bringing flexibility and breadth to support the IS function’s objectives.
- Explore and adopt AI tools to improve the efficiency and quality of your own work, and contribute ideas for broader adoption.
Governance and framework ownership
- Maintain the ISPF and IS control library, keeping policies, procedures, standards, and controls current, fit for purpose, and aligned to APRA CPS 234 and relevant industry standards, under direction from the head of information security.
- Design and operationalise IS controls, overseeing transition of uplifted procedures and standards into business-as-usual (BAU) and supporting sustainable adoption.
- Facilitate the information security working group (ISWG) as a standing responsibility, coordinating with the IS analyst on agendas, papers, and actions, and ensuring governance outcomes are delivered.
- Deliver insights and analysis to support governance reporting, board inputs, and executive decision-making.
Risk, assurance and compliance
- Support Pacific's compliance with APRA CPS 234, including preparing evidence to support compliance and coordinating audit and assurance activities.
- Conduct IS risk assessments including third-party risk assessments, producing findings and guiding treatment recommendations aligned to Pacific's enterprise risk framework.
- Lead IS issue and finding management, engaging control and risk owners to support remediation progress, and reviewing risk acceptances, extension requests, and closure evidence to ensure findings are resolved and appropriately governed.
- Deliver Pacific’s systemic control testing program, designing and executing control effectiveness reviews, documenting outcomes, and advancing remediation of identified gaps.
- Monitor material service providers against CPS 230 ‘Operational Risk’ on an ongoing basis, escalating issues as required.
Security operations and resilience
- Participate in IS resilience activities including incident response exercises and disaster recovery tests, providing IS assurance oversight and observing control effectiveness firsthand.
- Review and document outcomes of IS resilience activities, identifying gaps, tracking remediation, and reporting findings to the Head of Information Security.
Security awareness and stakeholder engagement
- Design and deliver Pacific's IS awareness program, with IS analyst support, including targeted face-to-face sessions, ensuring the program remains current to foster a security-aware culture.
- Build and maintain trusted working relationships across the organisation and contribute to promoting a clear understanding of IS roles and responsibilities, supporting stakeholders to understand their IS obligations.
- Represent the IS function with external parties and in cross-functional forums as directed by the Head of Information Security.
Expanded governance
- Advance the IS function's expanding governance remit beyond information security, building out additional governance domains as the function matures, for example technology governance.
Where you’ll work
- This role is based in George, South Africa. We strongly prefer candidates who are able to work on-site at our George office; however, we are open to considering exceptional remote candidates within South Africa.
- Working hours will be semi-aligned to the Australian time zone: 05:00 to 14:00 SA time, giving you more free time later in your day!
Why join us?
This is an excellent opportunity for a driven professional to play a hands-on role in protecting the data and trust of the people and businesses we serve. You will work alongside experienced security professionals who value collaboration and knowledge sharing, giving you room to sharpen your technical expertise while shaping how the organisation defends against emerging threats. You'll have genuine influence over security practices and projects, not just execution of someone else's plan. This is a chance to grow your career in a supportive team environment, backed by an organisation that takes security seriously and invests in the people who deliver it.
Requirements
- Tertiary qualification in information technology, cybersecurity, business, or a related discipline, or equivalent professional experience.
- Foundational understanding of information security, risk, or governance concepts, gained through work experience, study, or transferable exposure in a related field.
- Strong communication and facilitation skills, with the ability to engage effectively across technical and non-technical audiences including senior stakeholders.
- Ability to manage a complex and varied workload with significant autonomy and deliver substantive outcomes to deadline.
Bonus skills
- Demonstrated experience in an information security governance, risk, or compliance role in a regulated environment.
- Experience conducting IS risk assessments and control testing, with the ability to produce clear, risk-rated findings and treatment recommendations.
- Prior experience in the insurance, financial services, or prudentially regulated sector (for example APRA, FSCA, SARB, or equivalent).
- Experience chairing or facilitating governance committees or working groups.
- Professional certifications such as CISM, CRISC, CISSP, or ISO 27001 lead auditor / implementer.
Posted on 03 Jul 16:00, Closing date 1 Aug













