Privacy Jobs in Australia: Who are the employers and what are they looking for?

Is there a privacy skills shortage in Australia?  Privacy 108 is taking a deeper look to try and understand what is going on with the privacy profession in Australia, whether there is a skills shortage and, if there is, how might it be addressed.

In our earlier post, we looked at:

• How many privacy jobs are advertised in Australia?
• What can we learn from the fluctuations in jobs advertised?
• Where are those jobs advertised?

In this post, we look at:

• Which sectors are the most frequent advertisers for privacy professionals in Australia?
• What sort of roles are they looking to fill?
• What skills are they looking for?

As explained in more detail below we do not have data on the total number of  jobs advertised.  However, we track the number advertised on a quarterly basis and can compare quarter on quarter results to support this analysis.

Who advertises for privacy jobs in Australia?

By sector

From December 2018, we have reviewed job ad’s and allocated the advertiser to one of nine (9) industry sectors.  Based on this analysis, government agencies and utilities have been the most frequent advertisers followed by professional services firms and corporates.

By organisation

Over the last four years (from 2021), the following organisations had the highest number of ads (not including recruiters):

It is worth noting:

• Although government agencies advertised the most out of all industry sectors – only one of those agencies (NSW Department of Customer Service) made it into the top 10, or even the top 20 advertisers, based on the total number of ads;
• Similarly, even though banks were the third most-frequent advertisers, only one bank made it into the top 20 – NAB at number 19.
• In some cases, the high number of job ads is because the same position was advertised multiple times, rather than each ad representing a different position.  For example, although RSM had 24 ads there were only 2 real positions they were looking to fill – either Manager – Security & Privacy in Perth, Brisbane, Sydney and Melbourne or as part of the Cyber Security & Privacy Risk Graduate Program.

To give more context to the above data, we have done a deeper dive into the 25 job posts by Canva. There were only 9 different jobs covered by the 25 job posts.  These jobs were:

Advertising the same role over repeated periods suggests issues with filling particular roles (thus requiring that they be re-advertised).

What sort of roles are they looking to fill?

As part of our analysis we categorise the jobs advertised, based on the job title and the job description into three categories:

• Compliance: This group includes all roles that are part of the compliance or risk function or where the role has a focus on compliance;
• Legal: This group includes roles that require a legal degree or legal background or which are part of the legal department or report to the legal counsel;
• Technical: This group includes roles with a technical focus such as privacy engineers.

Looking at the jobs advertised between January 2022 and March 2025, the total numbers by role type show privacy very clear being seen as a compliance role, over legal and tech:

The focus on privacy as a compliance role is an important finding.  It can mean that privacy is seen as an issue of regulatory compliance only, rather than supporting the retention of trust and confidence of stakeholders as part of broader digital transformation initiatives.

There’s no clear trend (e.g. growth in compliance matches decrease in legal) looking at the number of different jobs types advertised between 2022 – 2024.  The number of compliance roles stays fairly constant while legal roles drop over each of the three years from 2022 – 2024:

The move from privacy out of legal could indicate a growing acceptance of privacy as a broader issue than a legal one – and requiring a more operational risk management approach.

What skills are employers looking for?

The major themes from the ads demonstrate the breadth of skills and responsibilities for privacy professionals.

Not surprisingly, given the focus on compliance roles for privacy professionals, many ads refer to designing, implementing, and managing privacy compliance frameworks, conducting risk assessments, and developing mitigation strategies to ensure adherence to privacy laws and regulations.   

Other themes include:

• Strategic Leadership in Privacy and Data Governance: Explores senior roles emphasizing strategic oversight, stakeholder collaboration, and driving organizational culture around privacy, data governance, and regulatory compliance.
• Legal Expertise in Privacy and Data Protection: Highlights roles requiring legal qualifications and experience in privacy law, data protection, and regulatory compliance, including advising on legislation and managing privacy-related legal matters.
• Privacy Impact Assessments and Incident Management: Covers tasks related to conducting Privacy Impact Assessments (PIAs), managing privacy incidents, and implementing processes to mitigate risks and ensure compliance with privacy standards.
• Training and Awareness in Privacy Practices: Highlights responsibilities related to educating employees on privacy obligations, conducting training sessions, and fostering a culture of privacy awareness within organizations.
• Privacy in Emerging Technologies: Addresses privacy challenges posed by advancements in AI, machine learning, and other technologies, including responsible AI and privacy engineering initiatives.
• Privacy Policy Development and Implementation: Insights into the creation, amendment, and operationalization of privacy policies and frameworks within organizations to address compliance and risk management.

The expertise themes looked for in privacy professionals demonstrates an important finding: privacy professionals are expected to be able to do almost everything – from strategic leadership to policy writing and implementation.  Could this also be part of the problem with finding appropriate candidates?

It is also worth noting that the skills described do not include:

• Responding to data subject access or correction requests;
• Handling privacy complaints.

Given the experience overseas, this might be an area where we see more action as Australians become increasingly aware of their privacy rights (limited as they still are)…

Our Methodology

Since December 2018, Privacy 108 has been collecting data on privacy jobs advertised in Australia.  

Our research takes jobs advertised on a quarterly basis – aggregating all the jobs advertised around the 25th of the last month of the quarter.  This allows us to compare data on a quarterly basis.  We do not collect the total number of jobs advertised each quarter – just the ads published on a particular date each quarter which we compare to similar data from the previous quarter.   

We take jobs advertised on Seek.com and Indeed.com. From September 2021 we added in jobs added on LinkedIn.  This did make a different to the total number of jobs and means that analysis is best done on data from September 2021 (where LinkedIn data is included).

Using that data we regularly publish:

• Quarterly job reports.  Our report on jobs in Q1 2025 is available here. Our report on jobs July to September 2024 is available here.
• Annual job reports, looking at what the job ads tell us about privacy skills recruitment over 12 months.  Our 2024 Privacy Jobs Report is available here.