Director of Security @ Fashion ECommerce
Hatch
About Us
Since 2011, we've redefined the future of retail in Australia and New Zealand. As the #1 fashion e-commerce & lifestyle destination in the region, our e-commerce platforms provide an inspiring and seamless end-to-end customer experience through our own technology innovations.
We are a diverse and dynamic community of over 1,000 people working towards our purpose “To bring on the future of shopping”. We are people and planet positive, and we strive towards creating a positive impact in the world by driving genuine and meaningful change for the better of all communities involved.
Our Team
Our Security team is our collective shield that protects our business and customers. They are vigilant, knowledgeable, and determined to stay ahead of any would-be disruptor.
About The Role..
We are seeking an experienced and strategic Director of Security to define and drive our company-wide security strategy, ensure regulatory compliance, and lead incident response and risk management efforts.
What You’ll Love About This Role…
- Security strategy & roadmap: Define, own and execute the company’s security strategy and roadmap, aligned with GFG’s security strategy and overall business objectives.
- Compliance & governance: Oversee and ensure compliance with relevant security standards and regulations (e.g., GDPR, NIST CSF, ISO 27001).
- Incident response & recovery: Lead incident response playbooks, coordinate post-incident reviews, and implement improvements to minimise impact and protect assets.
- Risk management: Conduct risk assessments and vulnerability management to reduce risk exposure through timely identification and mitigation.
- Embed security in product lifecycle: Partner with product, engineering and IT teams to integrate security early in planning and technical roadmaps.
- Cross-functional collaboration: Work closely with GFG Security, IT and other business teams to align security priorities with broader initiatives and timelines.
- Security awareness & training: Lead company-wide security awareness programmes and training to uplift security practices across the organisation.
- Communication & reporting: Report regularly to senior leadership and the board on security posture, KPIs, high-risk vulnerabilities and incident responses.
- Influence & leadership: Influence roadmaps and priorities across functions; balance security requirements with business objectives while exercising decision rights where applicable.
What You’ll Bring To The Role..
- Proven leadership: Significant experience leading security teams and owning company-wide security programmes.
- Technical expertise: Strong background in risk management, vulnerability assessment, incident response and cyber recovery.
- Standards & compliance: Experience implementing and managing controls for GDPR, NIST CSF and ISO 27001 (or similar frameworks).
- Cross-functional influence: Demonstrable ability to influence engineering, product and non-technical stakeholders and shape roadmaps.
- Communication: Excellent capability to translate security risks and priorities for non-technical leadership and board-level audiences.
- Operational excellence: Experience developing incident playbooks, running post-incident reviews and driving continuous improvement.
- Qualifications: Relevant degree or equivalent experience; professional certifications desirable (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor).
Ways to stand out from the crowd..
- Experience working at scale in retail, e‑commerce, or global organisations.
- Hands-on background in cloud security (AWS/Azure/GCP), application security, and secure development practices (DevSecOps).
- Experience aligning local/regional security requirements with a global security strategy.
Life With Us
🌟 Flex Your Way – Hybrid working options so you can slay your day wherever works best for you!
🧠 Learning Collective – From learning days to hackathons, we’re all about leveling up our skills together!
👨‍👩‍👧‍👦 Parents – Parental leave and an extra day off for your child's first day at school, because those moments matter.
🎂 Birthday Bliss – Celebrate YOU with a paid day off and a voucher to spoil yourself!
🛍️ Style Game Strong – Our staff discounts and exclusive sample sales will keep your wardrobe on point at all times.
💪 Wellness – Access to discounted gym memberships and wellbeing programs because a healthy you is a happy you!
💛 People First – We’ve got your back (and your family's!) with our Employee Assistance Program.
🌍 Do Good, Feel Good – Give back through volunteer days with our Charity Partner, Thread Together, and make a difference in society and the environment.
👯‍♀️ Refer a Friend, Reap the Rewards – Score big with our referral program when your recommended friends join the crew!
🟢 Please consider applying even if you don't meet 100% of what’s outlined 🟢
Key Responsibilities
- 🛡️ Defining security strategy
- ✅ Overseeing compliance
- 🚨 Leading incident response
Key Strengths
- 👥 Leadership
- 🔍 Risk management
- 📜 Compliance
- ☁️ Cloud security
- 🔗 Cross-functional influence
- 🗣️ Communication
Why this company is partnering with Hatch on this role
Hatch exists to level the playing field for people as they discover a career that’s right for them. So when you apply you have the chance to show more than just your resume.
A Final Note: This is a role with our client, not with Hatch.