The
Cyber Security Act 2024 (the Act) establishes the Cyber Incident Review Board (the Board) as an independent advisory body to conduct no-fault, post-incident reviews of significant cyber security incidents in Australia. An Expert Panel, drawn from a pool of industry sector experts according to the specific review, will support the Board.
Recent cyber-attacks have shown that government and industry need to learn more from these events. The Board reviews will identify the contributing factors to cyber incidents to help both sectors prepare for future cyber attacks. At the completion of a review, the Board will provide recommendations to government and industry on its findings. These recommendations aim to prevent, respond to or minimise the impact of similar incidents and uplift Australia’s cyber resilience in the future.
The Board will only review an incident after it has occurred and initial investigation and response efforts have been completed. Reviews will focus on a single incident or a group of similar incidents. These may share features such as attack method, type of system affected, or a known vulnerability.
The Board does not assign blame or determine who is responsible for an incident. Published reviews will not include personal or classified information, including anything that could affect national security, defence, or international relations of the Commonwealth.
Expression of interest for appointments to the Cyber Incident Review Board now open
The Department of Home Affairs is seeking suitably qualified individuals to establish the Cyber Incident Review Board (the Board). The Minister for Home Affairs will appoint a Chair and up to 6 Standing Members to the Board. Applicants will have the opportunity to nominate the position they wish to be considered for.
The Board will be sourced from our community and business sectors to represent Australia’s rich diversity in professional experience, gender, cultural background and age.
The Chair position is responsible for ensuring the Board complies with the legislative obligations of the Act and other relevant legislative frameworks.
The Chair will lead the reviews and oversee the governance and strategic direction of the Board.
Standing Members will apply their deep expertise to identify and analyse complex systemic issues which led to or enabled a cyber-incident. They will leverage their stakeholder networks to collect diverse perspectives to distil into insightful reports and recommendations. These will be used to uplift cyber preparedness across the Australian cyber ecosystem.
Standing members will work collaboratively to support the governance of the Board and support the Board in the appointment of the Expert and Review Panels.
The Cyber Security (Cyber Incident Review Board) Rules 2025 (the Rules) establish a broad set of eligibility criteria for the Board, covering significant experience across Australia’s critical infrastructure sectors, crisis response and management, cyber security and legal and corporate governance qualifications. Appointees must also hold a Negative Vetting 1 security clearance in order to leverage classified materials in the conduct of a review.
In addition to the criteria and other requirements, preferred candidates will demonstrate experience holding a Board position or positions, with strong senior leadership and strategic experience at an executive or advisory level. They will also have significant experience in cyber security.
For more information on the role of the Board and the requirements for the available roles, refer to the position description.
How to apply
We invite interested candidates to review the position description and submit an application that demonstrates their suitability for the Board appointment. Applicants should base their submission on the selection criteria and the requirements of the role.
See Expression of Interest: Cyber Incident Review Board position description.
Your application must include a:
- current CV (maximum 2 pages) outlining relevant qualifications, Board or executive experience and areas of expertise.
- completed application form, including a written statement (maximum 500 words) outlining your suitability for the role.
Complete the applicant response form
Applications close on 11:59pm AEST 6 October 2025. We will not accept late applications.
If you are unsuccessful for a Board position or are not eligible, but have relevant professional expertise, you might like the Board to consider you for a position on the Expert Panel.
Following the appointment of the Board, the Department will establish an ongoing EOI process on this page for future appointments to the Board and to fill vacancies.
The Expert Panel
The Expert Panel comprises professional individuals from across the public and private sector. These individuals have expertise in cyber security, legal or sector-specific areas that the Board can invite to assist in when conducting reviews.
Once established, the Board will undertake an EOI process to appoint suitable individuals to the Expert Panel. The Rules establish a harmonised set of eligibility criteria for the Expert Panel and the Board. Appointees to the Expert Panel must also hold a Negative Vetting 1 security clearance in order to be eligible to work on a Review Panel.
If you meet the eligibility criteria for the Expert Panel, you can register to receive a notification when the Board commences an EOI process.
You can do this by emailing your contact information to
CIRB.Enquiries@homeaffairs.gov.au.
