Head of Security Strategy & Architecture
Why Tyro?
At Tyro, we’re into business big time. Through our integrated payments, banking and lending solutions, we’re here to ensure nothing stands in the way of Australian business success. With over 21 years' experience under our belt, we know what it takes to build something great, which is why we combine the best people, technology, and partners to deliver simplified payments and seamless business banking to our customers. We’re proud to power more than 76,000 merchants across Australia and to work with almost 800 partners to create seamless experiences for hospitality, retail, services and health providers.
It starts with You.
Just like our customers, we’re obsessed with the success of our people. So, when you come onboard, we’ll give you all the support you need to do your best work. Our close to 600 Tyros are a highly collaborative team, so you’ll get to work with smart, motivated and friendly people across Tyro. We are fast paced and innovative and strive to live our values every day – commit to greatness, stay hungry, wow the customer, be good and win together! We are big enough for you to have opportunities to have a career at Tyro and small enough that you can have a real impact. As we continue our mission to shake things up and make payments the easiest part of doing business, you’ll have the opportunity to learn new skills with hands-on experience, further your career, and help unleash the potential of our customers, one payment at a time.
About the role
The Head of Cyber Strategy & Architecture is Tyro’s senior authority on security architecture and secure engineering practices. Reporting to the CISO, this role defines and drives the long-term cyber strategy and security architecture vision that underpins Tyro’s growth, resilience, and regulatory posture.
A key expectation of this role is deep, hands-on experience with secure architecture design principles. The successful candidate will not only set strategic direction but will also meaningfully engage in practical architecture work, supporting teams in designing secure systems, validating solutions, and applying security controls in real-world environments.
Working closely with technology, product, enterprise architecture, and security leaders, this role champions secure-by-design principles and ensures security enables innovation and sustainable business growth.
In this role, you will divide the work week as follows:
40% Strategic leadership, governance, and executive stakeholder influence, shaping cyber strategy, setting enterprise guardrails, and driving regulatory alignment.
40% Hands-on security architecture and design leadership, actively leading and participating in complex solution designs, conducting deep technical reviews, and validating security controls in real-world implementations.
20% Advisory, mentoring, and continuous improvement, coaching engineers and architects, uplifting secure engineering practices, and driving measurable security maturity improvements across the organisation.
What you'll do
Define and lead Tyro’s cyber strategy aligned to business growth, regulatory obligations, and technology transformation, delivering clear prioritisation and measurable risk reduction outcomes.
Own and perform hands-on security architecture across cloud, payments, banking, and product platforms, leading complex design reviews, validating high-risk initiatives, and ensuring secure-by-design principles are practically implemented.
Lead Product Security and Application Security by embedding security throughout the product lifecycle, strengthening the secure SDLC, advancing threat modelling practices, and integrating automated controls across CI/CD pipelines.
Establish and govern enterprise security standards including reference architectures, control baselines, and architectural guardrails aligned to NIST CSF 2.0 and Tyro’s risk appetite, with clear control traceability and evidence.
Lead security assurance and certification activities, including ISO 27001 audits, ongoing control effectiveness reviews, and formal attestations, ensuring strong documentation, evidence management, and audit readiness.
Manage the relationship with Tyro’s third-party penetration testing partner, overseeing scope, quality, reporting, and remediation follow-through to ensure meaningful risk reduction.
Ensure regulatory and resilience alignment across APRA CPS 234, PCI-DSS, and operational resilience requirements, maintaining defensible design and demonstrable compliance.
Influence executive and technology stakeholders to balance innovation, customer experience, and risk management, positioning security as a strategic business enabler.
What you'll bring
Technical and Craft:
Deep experience designing secure, scalable, and resilient system architectures, including cloud-native, API-driven, and distributed systems, using established security principles (least privilege, zero trust, defense-in-depth, secure patterns).
Strong understanding of secure software development principles, the OWASP Top 10, and common application vulnerabilities.
The ability to define and maintain security reference architectures, control baselines, and technology selection frameworks, ensuring consistent, scalable adoption of secure-by-design practices across diverse engineering teams.
Proficiency in conducting and guiding architecture risk assessments, modelling potential attack paths, identifying control gaps, and providing pragmatic, risk-aligned recommendations that engineering teams can operationalise.
Proven experience embedding security controls and practices into Agile and DevOps workflows.
Experience with security testing tools such as SAST, DAST, and Software Composition Analysis (SCA), using platforms such as GitHub Advanced Security, Aikido and Snyk.
Experience embedding automated security checks in CI/CD pipelines.
Experience applying threat modelling and risk assessment methodologies such as STRIDE to identify and mitigate design-level threats.
Ability to work effectively with developers, architects, and technology teams to identify, triage, and remediate security issues.
Understanding of secure development and configuration practices in cloud environments such as AWS, Azure, or GCP.
Experience triaging, tracking, and supporting the remediation of identified vulnerabilities using platforms such as Jira or ServiceNow.
A proactive approach to uplifting security maturity, driving automation, and improving security awareness within development teams.
Personal attributes:
Pragmatic and solutions-oriented, with a strong ability to find the right balance between business enablement and effective security.
Strategic and visionary thinker capable of simplifying complex problems and creating clarity in ambiguous situations.
Highly collaborative and influential, able to build alignment across diverse technical and non-technical teams.
Effective communicator who can translate technical concepts into business-relevant insights.
Proactive and accountable, with a passion for improving security maturity and organisational capability.
Strong leadership presence, fostering trust, engagement, and continuous improvement within the team and broader organisation.
Analytical and detail-oriented, with strong problem-solving skills and a focus on sustainable, risk-based solutions.
What’s in it for you?
We’ve worked hard to create an environment that’s big on diversity, inclusion, and flexibility, and one that suits the changing needs of team members across Australia. Here are just some of the things Tyros tell us they love about working here.
You’ll also receive:
A mix of in-office and remote working
Learning and career development opportunities
16 weeks paid primary carers leave
12 weeks paid secondary carers leave
Annual team-based volunteer day
Birthday Leave
Power Up Day (Additional day of leave)
Weekly team social events, snacks, craft beer and wine, ping pong and video games
Taco Tuesdays
Mental health and wellness initiatives
Novated leasing
Tyro is committed to a diverse, inclusive workplace where everyone thrives. We welcome applicants of all backgrounds and are an equal opportunity employer. If you need accommodations or adjustments at any stage of the recruitment process, simply inform our Talent team during your conversation with them.
Still with us?
If you’ve got this far, then you might just be a great fit for us. Don’t tick all the boxes above? That’s ok, apply anyway and our Talent team will review your profile - you might be a fit for future roles.
- Department: Risk
- Role: Security
- Locations: Sydney
- Remote status: Hybrid