Australia’s IT services sector is undergoing a rapid evolution as organisations balance digital acceleration with growing cyber risk exposure. As managed services, cloud transformation, and hybrid work environments reshape enterprise operations, security leadership has become deeply embedded within business strategy rather than operating as a siloed function. Today’s security executives are expected to drive resilience, enable innovation, and communicate risk in language that resonates across boardrooms and operational teams alike.
Across Australia, a new generation of CISOs and senior security leaders is emerging, professionals who blend technical depth with business acumen and people-first leadership. Some hold traditional CISO titles, while others operate in hybrid or evolving roles that reflect how cybersecurity responsibilities continue to expand. The following leaders stand out for their strategic impact, industry influence, and ability to shape how organisations approach cyber risk in the IT services landscape.
Nataliya Stephenson — Director, Cyber Security & Risk (ASPAC CISO), Serco
Nataliya Stephenson brings a people-first leadership approach to cybersecurity at Serco, where she serves as Director of Cyber Security & Risk and ASPAC CISO. Since stepping into the role in early 2025, she has positioned security as a collaborative function that aligns operational resilience with business performance across the Asia-Pacific region.
Stephenson is widely recognised for her ability to pair analytical precision with empathetic leadership. Her approach focuses on building trust within teams while delivering structured, data-informed security outcomes. By prioritising clarity, collaboration, and thoughtful risk management, she continues to strengthen Serco’s cyber posture while championing leadership practices that empower teams to solve complex challenges confidently.
Fred Thiele — Chief Information Security Officer, Interactive
Fred Thiele is a seasoned security executive with extensive experience spanning corporate enterprises, government environments, consulting firms, and startups. As Chief Information Security Officer at Interactive, he oversees both internal cybersecurity programs and customer-focused security offerings, allowing him to bridge operational security with client advisory services.
Thiele’s leadership style centres on pragmatic, risk-based decision-making supported by strong communication skills that translate technical complexity into business value. With certifications including CISSP and CISM, he is known for enabling organisations to integrate security and privacy into core strategy while empowering teams to operate with autonomy and clear mission alignment.
Sam Hitchiner — CISO APAC & Principal Security Consultant, Insight
Sam Hitchiner plays a dual role at Insight, combining regional CISO responsibilities with hands-on consulting leadership. Tasked with advancing global CISO capability and leading APAC initiatives, Hitchiner focuses on delivering practical governance frameworks and security uplift strategies for both internal teams and enterprise clients.
His expertise in Microsoft cloud environments allows him to guide organisations through complex cloud transformation initiatives while maintaining strong security controls. Hitchiner’s advisory approach emphasises execution and measurable outcomes, making him a trusted partner for organisations navigating modern cloud risk landscapes.
Harshit Mistry — Head of Information Security, GBST
With more than 15 years of experience across compliance, resilience, and risk governance, Harshit Mistry leads information security strategy at GBST. His career spans multiple regulatory frameworks, including NIST, ISO standards, PCI DSS, and CPS 234, positioning him as a well-rounded authority on global security compliance and risk management.
Mistry is particularly known for translating security strategy into operational programs, from developing third-party risk assurance frameworks to delivering data privacy transformation initiatives. His ability to communicate security risks effectively at both operational and board levels has earned him recognition as a trusted advisor. Beyond technical execution, Mistry actively mentors emerging professionals and advocates for diverse team collaboration to strengthen organisational security outcomes.
Will Sharpe — Chief Information Security Officer, Telstra Health
Will Sharpe serves as Chief Information Security Officer at Telstra Health, where he has been instrumental in strengthening security frameworks across Australia’s rapidly evolving healthcare technology sector. His role involves protecting sensitive health data while supporting the digital transformation initiatives that underpin modern patient care delivery.
Sharpe’s leadership reflects the growing complexity of securing healthcare ecosystems that rely on interconnected platforms, cloud services, and data-driven innovation. By aligning regulatory compliance with forward-looking risk strategies, he continues to help shape security standards within one of Australia’s most critical infrastructure sectors.
Ben Doyle — Former CISO AU/NZ, Thales; Former Director, Cyber Industry Experience, Thales Cyber Services
Ben Doyle remains one of Australia’s most respected cybersecurity leaders, even as he transitions through a career break following decades of influential industry leadership. During his 21-year tenure as CISO for Thales Australia and New Zealand, Doyle played a central role in shaping security strategies across highly regulated aerospace, defence, and national security environments.
More recently, Doyle contributed to expanding cyber industry capabilities through his leadership role within Thales Cyber Services. His legacy includes strengthening national security compliance programs and advising executive boards on emerging cyber risks. As a frequent industry speaker and mentor, Doyle continues to influence Australia’s cybersecurity ecosystem through thought leadership and community engagement.
Heath Neville — Software Engineering Manager & Former Chief Information Security Officer, Enabled Solutions
Heath Neville represents a growing wave of technology leaders who operate across both engineering and security domains. During his tenure as Software Engineering Manager and CISO at Enabled Solutions, Neville successfully combined development leadership with enterprise security oversight.
His background in software engineering and DevOps gives him a unique perspective on embedding security directly into development workflows. Neville has led initiatives ranging from SOC 2 compliance and security governance implementation to large-scale agile and cloud transformation programs. His multidisciplinary approach highlights how modern security leadership increasingly overlaps with engineering innovation and organisational culture building.
Where Security Leadership Is Headed Next
The role of cybersecurity leadership in Australia’s IT services sector continues to expand beyond traditional risk management. Today’s leaders are shaping digital transformation strategies, influencing product development, and driving cultural change within organisations that depend heavily on technology-enabled services.
As cyber threats grow more sophisticated and regulatory expectations continue to rise, the leaders highlighted here demonstrate that effective security is no longer just about defence, but also about enablement. Their ability to balance technical expertise, business alignment, and people-focused leadership signals a broader shift in how cybersecurity will evolve across Australia’s technology and services industries in the years ahead.