Program Security Manager

Company Description

PG Forsta is the leading experience measurement, data analytics, and insights provider for complex industries—a status we earned over decades of deep partnership with clients to help them understand and meet the needs of their key stakeholders. Our earliest roots are in U.S. healthcare –perhaps the most complex of all industries. Today we serve clients around the globe in every industry to help them improve the Human Experiences at the heart of their business. We serve our clients through an unparalleled offering that combines technology, data, and expertise to enable them to pinpoint and prioritize opportunities, accelerate improvement efforts and build lifetime loyalty among their customers and employees.

Like all great companies, our success is a function of our people and our culture. Our employees have world-class talent, a collaborative work ethic, and a passion for the work that have earned us trusted advisor status among the world’s most recognized brands. As a member of the team, you will help us create value for our clients, you will make us better through your contribution to the work and your voice in the process. Ours is a path of learning and continuous improvement; team efforts chart the course for corporate success.

Our Mission:

We empower organizations to deliver the best experiences. With industry expertise and technology, we turn data into insights that drive innovation and action.

Our Values:

To put Human Experience at the heart of organizations so every person can be seen and understood.

• Energize the customer relationship: Our clients are our partners. We make their goals our own, working side by side to turn challenges into solutions.
• Success starts with me: Personal ownership fuels collective success. We each play our part and empower our teammates to do the same.
• Commit to learning: Every win is a springboard. Every hurdle is a lesson. We use each experience as an opportunity to grow.
• Dare to innovate: We challenge the status quo with creativity and innovation as our true north.
• Better together: We check our egos at the door. We work together, so we win together.

We are seeking an experienced and security-focused Program Security Manager to oversee and deliver IRAP compliance and risk management for our Australian Government client, the Australian Bureau of Statistics (ABS) . This role is critical in ensuring Forsta’s SaaS platform aligns with Australian Government security standards including the Information Security Manual (ISM) , Cloud Controls Matrix (CCM) , and Protective Security Policy Framework (PSPF) .

You will lead IRAP audits, implement security frameworks, coordinate risk and incident management, and act as the primary liaison between Forsta and ABS security teams.

Key Responsibilities

1. IRAP Compliance & Certification

• Lead Forsta’s IRAP certification program, ensuring compliance with ISM, CCM, and PSPF requirements.
• Manage IRAP audits, documentation, and control implementation.
• Serve as liaison between Forsta’s GRC, security, engineering teams, and ABS stakeholders.
• Coordinate penetration testing, vulnerability scans, and risk assessments.
• Facilitate internal training on ABS and IRAP compliance expectations.

2. Security Roadmap & Policy Development

• Define and maintain a security roadmap for the IRAP-authorized Forsta Plus platform.
• Prioritize ISM and CCM enhancements in collaboration with Risk & Security teams.
• Embed security-by-design principles into engineering and DevOps workflows.

3. ABS Stakeholder Engagement

• Act as ABS’s primary security contact, ensuring responsive communication and transparency.
• Support pre-sales efforts, contract renewals, and ongoing client security reviews.
• Deliver regular briefings, risk updates, and compliance reports to ABS stakeholders.

4. Internal Collaboration

• Work cross-functionally with Legal, GRC, IT, Application Security, and DevOps teams.
• Ensure clear accountability and alignment between compliance, engineering, and product functions.
• Collaborate with PG Forsta’s CISO to address emerging cybersecurity threats impacting ABS.

5. Risk Management & Incident Response

• Implement IRAP-compliant incident response protocols.
• Maintain risk registers, perform threat modelling, and drive continuous security improvement.
• Partner with PG Forsta’s SOC to monitor, report, and mitigate ABS-related threats.

Citizenship Requirement

Due to the nature of this role and the sensitivity of government data, Australian Citizenship is a mandatory requirement. The successful candidate must be eligible to obtain and maintain a Baseline or NV1 Australian Government Security Clearance in accordance with IRAP and ABS requirements.

About You

You are a strategic, detail-oriented security leader with a deep understanding of IRAP frameworks and Australian Government data protection standards. You’re confident managing large-scale compliance initiatives, collaborating with cross-functional teams, and acting as a trusted partner to high-profile clients.

You’ll bring:

• 5+ years of experience in technical product, program, or project management in a regulated environment.
• Demonstrated expertise in IRAP-certified products and compliance processes.
• Strong technical background in SaaS, cloud security, or product security governance.
• Ability to communicate effectively with technical and executive stakeholders alike.
• Proven experience managing audits, risk assessments, and security control implementation.
• Strong project management, stakeholder engagement, and cross-functional leadership skills.

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At PG Forsta we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Additional Information for US based jobs:

Press Ganey Associates LLC is an Equal Employment Opportunity/Affirmative Action employer and well committed to a diverse workforce. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, veteran status, and basis of disability or any other federal, state, or local protected class.

Pay Transparency Non-Discrimination Notice – Press Ganey will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

All your information will be kept confidential according to EEO guidelines.

Our privacy policy can be found here: https://www.pressganey.com/legal-privacy/