BISO (Business Information Security Officer)
REA Group
- Be our first BISO and help shape this function across REA Group.
- Directly support our Financial Services business to translate security strategy into practical action.
- Work at the intersection of security, regulation and business in a complex financial services environment.
We're REA
With bold and ambitious goals, REA Group is changing the way the world experiences property. No matter where you're at on your property journey, we're here to help with every step - whether that's finding or financing your next home.
Our people are the key to our success. At the heart of everything we do, is a thriving culture centred around high performance and care. We are purpose driven and collaborative, which drives innovation and our ability to make a real impact. As such, we’re proud to have been named one of Australia’s Best Workplaces four times since 2021 — including third place in 2025 — plus Best Workplace for Women in 2023 and Best Workplace in Technology in 2024 and 2025. These listings are testament to every person who helps make REA a great place to work.
What The Role Is All About
We're establishing a Business Information Security Officer (BISO) function to bridge our central Security team and our business units. The BISO for Financial Services (FS) will be the first role of its kind in our organisation—and you'll help shape what this function looks like across the company.
This role sits at the intersection of security and business. You'll be the security expert embedded within our Financial Services team, responsible for translating central security strategy into meaningful action for the business, and for representing FS's unique needs back to the central team. You'll sit on the FS Product and Technology Leadership team, building relationships with product, engineering, and business leaders, while reporting into our central cybersecurity organisation.
This is a role for someone who can speak both languages fluently—security and business. You'll need to understand the regulatory landscape, navigate a diverse technology stack, and influence without direct authority.
What You'll Do
Be the Security Voice in Financial Services
- Serve as the trusted security leader to FS Technology and Business leadership
- Participate on the FS Product and Technology Leadership team
- Translate central security policies and initiatives into reasonable guidance for FS
- Support the response to any security incidents that occur in FS
- Advise on security implications of new products, features, and technology decisions
- Champion security culture and awareness within the business unit
Drive alignment between Security and FS
- Articulate FS's unique security and compliance requirements to the central Security team
- Advocate for FS priorities in the security roadmap planning and resource allocation
- Ensure central security services (Product Security, Enterprise Security, Detection & Response, GRC) understand FS context when supporting the business unit
- Provide input on enterprise security policies to ensure they're practical for regulated financial services
Navigate Regulatory Complexity
- Develop deep understanding of the regulatory obligations relevant to FS (credit licensing, responsible lending, data retention)
- Partner with FS Compliance and Legal to ensure security controls meet regulatory expectations
- Support regulatory engagement, audits, and examinations as the security subject matter expert
- Stay current on evolving regulatory requirements and their security implications
Drive Risk Management
- Conduct security risk assessments specific to the FS business unit
- Work with the risk team to ensure that cyber security risks are on the FS security risk register and ensure risks are appropriately identified, assessed, and communicated
- Support risk acceptance decisions with clear articulation of residual risk
Enable Secure Delivery
- Engage early in product and technology initiatives to embed security by design
- Review architectural decisions and technology choices for security implications
- Coordinate with central Product Security on application security activities for FS systems
- Support incident response within FS, acting as the liaison to central Detection & Response
Build Relationships and Influence
- Develop strong working relationships with FS engineering, product, and business leaders
- Influence security outcomes through partnership rather than mandate
- Communicate security concepts in business terms that resonate with non-technical stakeholders
- Build trust as someone who enables the business, not blocks it
Experience
Who we’re looking for
- 8+ years in information security, risk management, or related technical roles
- Experience working in or supporting regulated financial services (lending, banking, payments, or similar) considered a positive, but not required
- Demonstrated ability to work across organisational boundaries and influence without authority
- Track record of translating technical security concepts for business audiences
- Experience with security risk assessment and risk management frameworks
Knowledge
- Broad security knowledge incl. app & cloud security, identity, data protection, and GRC
- Familiarity with security frameworks (e.g. NIST CSF, ISO 27001) and how to apply them pragmatically
- Awareness of threats and attack techniques relevant to financial services
- Understanding of Australian financial services regulatory environment (ASIC, APRA expectations, Privacy Act, credit licensing) considered useful but not required
Skills
- Exceptional communication skills for technical and non-technical audiences
- Ability to build trust and credibility quickly with senior stakeholders
- Comfort operating in ambiguity and navigating competing priorities
- Strong analytical and problem-solving capabilities
- Ability to work independently while maintaining alignment with central teams
Mindset
- Business-first: You understand that security exists to enable the business, not the other way around
- Pragmatic: You find ways to manage risk that work in the real world, not just on paper
- Relationship-oriented: You know that influence comes from trust and relationships
- Curious: You ask questions, seek to understand context, and learn continuously
Nice to Have
- Experience in a BISO, divisional security, or embedded security role
- Background in mortgage broking, consumer credit, or lending technology
- Familiarity with Australian privacy law and its application to financial services
The REA Experience
The physical, mental, emotional and financial health of our people is something we’ll never stop caring about. This is a place to learn and grow. Some of our Perks & Benefits include:
- A hybrid and flexible approach to working
- Flexible leave options including, birthday leave and purchase additional leave
- Flexible parental leave offering for primary and secondary carers
- Our Because We Care program offers employees volunteering leave, community grants, matched payroll giving and our Community Café donates 100% of revenue to charity
- Hackdays so you can bring your big ideas to life
Our commitment to Diversity, Equity, and Inclusion
We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking. If you've got the skills, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch.
Join our Talent Neighbourhood
Keen to be part of REA but didn't find a perfect match with this opportunity? Perhaps the timing isn't right? You should join our Talent Neighbourhood!