Director of Security at THE ICONIC

Security, Sydney CBD sydney
Posted 22 days ago

Director of Security

Since launching in 2011, THE ICONIC has redefined the future of retail in Australia and New Zealand. As the leading fashion, sports and lifestyle e-commerce destination in the region, our e-commerce platforms (Retail, Marketplace and Services) provide a seamless and inspiring end-to-end customer experience through our own technology innovations. We stand for benchmark-setting customer service, delivery options, returns policies, and curation of brands.

We are a diverse and dynamic community of over 1,000 people working towards our purpose “To bring on the future of shopping”. THE ICONIC is people and planet positive, and we strive towards creating a positive impact in the world by driving genuine and meaningful change for the better of all communities involved. 

Security at THE ICONIC..

Our Security team is THE ICONIC's collective shield, protecting our business and customers. They are vigilant, knowledgeable and determined to stay ahead of any would-be disruptor.

About the role..

We are seeking an experienced and strategic Director of Security to define and drive our company-wide security strategy, ensure regulatory compliance, and lead incident response and risk management efforts.

What you’ll love about this role…

  • Security strategy & roadmap: Define, own and execute the company’s security strategy and roadmap, aligned with GFG’s security strategy and overall business objectives.
  • Compliance & governance: Oversee and ensure compliance with relevant security standards and regulations (e.g., GDPR, NIST CSF, ISO 27001).
  • Incident response & recovery: Lead incident response playbooks, coordinate post-incident reviews, and implement improvements to minimise impact and protect assets.
  • Risk management: Conduct risk assessments and vulnerability management to reduce risk exposure through timely identification and mitigation.
  • Embed security in product lifecycle: Partner with product, engineering and IT teams to integrate security early in planning and technical roadmaps.
  • Cross-functional collaboration: Work closely with GFG Security, IT and other business teams to align security priorities with broader initiatives and timelines.
  • Security awareness & training: Lead company-wide security awareness programmes and training to uplift security practices across the organisation.
  • Communication & reporting: Report regularly to senior leadership and the board on security posture, KPIs, high-risk vulnerabilities and incident responses.
  • Influence & leadership: Influence roadmaps and priorities across functions; balance security requirements with business objectives while exercising decision rights where applicable.

What you’ll bring to the role..

  • Proven leadership: Significant experience leading security teams and owning company-wide security programmes.
  • Technical expertise: Strong background in risk management, vulnerability assessment, incident response and cyber recovery.
  • Standards & compliance: Experience implementing and managing controls for GDPR, NIST CSF and ISO 27001 (or similar frameworks).
  • Cross-functional influence: Demonstrable ability to influence engineering, product and non-technical stakeholders and shape roadmaps.
  • Communication: Excellent capability to translate security risks and priorities for non-technical leadership and board-level audiences.
  • Operational excellence: Experience developing incident playbooks, running post-incident reviews and driving continuous improvement.
  • Qualifications: Relevant degree or equivalent experience; professional certifications desirable (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor).

Ways to stand out from the crowd..

  • Experience working at scale in retail, e‑commerce, or global organisations.
  • Hands-on background in cloud security (AWS/Azure/GCP), application security, and secure development practices (DevSecOps).
  • Experience aligning local/regional security requirements with a global security strategy.

Why you'll love THE ICONIC..

From our ways of working to our growth mindset and sustainable approach, we each add unique value and have an incredible amount of fun doing it! People are our greatest asset and our ICONITE experience is designed to empower you to do your best work. Here’s what to expect when you join THE ICONIC:

  • Flexible working. We offer a hybrid and flexible working model so you can do your best work in a way that works for you.
  • The learning collective. Get your knowledge fix with our learning days and hackathons.
  • Parents at THE ICONIC. Access to our parental leave program and an extra day off for your kids' first day of school every year.
  • Birthday leave. Enjoy a paid day off for your birthday and an ICONIC voucher to treat yourself.
  • Curate your style. No matter what your style is, we have got you covered with our amazing staff discount and our famous sample sales.
  • People & Planet Positive. From our ethical sourcing and sustainability strategies to our community engagement and diversity, our responsibility is multifaceted, and each of these facets is equally important.
  • Wellbeing. Access to our discounted gym memberships and wellbeing programs.
  • People first. Access our Employee Assistance Program for you and your family.
  • Volunteer days. Work as a Charity Partner with Thread Together for society and environmental change.
  • Refer a friend. Enjoy a referral reward for successfully referring someone to THE ICONIC.

At THE ICONIC, diversity, inclusion, and belonging are integral to our culture, fostering an environment of respect and dignity. We aim to empower self-expression and ensure our workforce reflects our diverse communities. By embracing diverse perspectives and experiences, we strive to create a genuine sense of belonging for our employees, customers, and partners, promoting equal opportunities and a better shopping experience for all.

Additional Information..

We are committed to providing reasonable arrangements to all individuals participating in our application and interview process, and while performing job functions. If you require any accommodations or adjustments prior to the submission of your application or throughout your interview process, please contact our Talent Acquisition team directly: [email protected]