What is NEXTDC’s Chief Security, Sovereignty and Government Affairs Officer role?

It is a new executive role at NEXTDC (ASX: NXT), sitting on the Executive Leadership Team and reporting to the CEO. The officer owns NEXTDC’s sovereign security credentials under the Hosting Certification Framework, its obligations under the Security of Critical Infrastructure Act, physical security operations, and engagement with Defence, intelligence and regulatory stakeholders. The listing positions it as a strategic capability rather than a traditional security function, and explicitly ties it to commercial differentiation.

Is this the same as a chief information security officer?

No. NEXTDC’s listing states that operational cyber security remains within the Chief Technology Officer’s organisation. The new officer owns the external security narrative and acts as the senior interface between cyber security, government, customers and regulators. The profile is drawn from Defence, intelligence, national security or Home Affairs, and an Australian Government NV2 clearance is essential.

Why is NEXTDC creating this role now?

The certified market is effectively closed. The Department of Home Affairs paused new Certified Strategic applications on 3 November 2025, leaving incumbents like NEXTDC inside a fixed set of operators. Demand for sovereign and national-security-grade AI hosting is rising, signalled by the ASD’s Anthropic contract and Anthropic’s Project Glasswing expansion. The role institutionalises NEXTDC’s government relationships and certification advantage at executive level.

NEXTDC creates a sovereignty and government affairs seat on its executive team

At a glance

NEXTDC (ASX: NXT) is recruiting a Chief Security, Sovereignty and Government Affairs Officer, a new role on the Executive Leadership Team reporting to the CEO, based in Sydney, Melbourne or Canberra.
The role owns NEXTDC’s sovereign credentials under the Hosting Certification Framework, its Security of Critical Infrastructure Act obligations and the Critical Infrastructure Risk Management Program, alongside physical security operations and government engagement.
Operational cyber security stays with the Chief Technology Officer. This executive owns the external security narrative and the interface with Defence, ASD, ACSC, ASIO, Home Affairs and regulators.
An Australian Government NV2 clearance is essential, with Top Secret Privileged Access where required. The target profile is senior Defence, intelligence, national security or Home Affairs experience.
The announcement landed days after Scroggie presented a positive Australian outlook at DCD Connect APAC in Bali from 9 to 11 June 2026.

A C-suite seat for credentials NEXTDC already holds

NEXTDC’s facilities are Certified Strategic under the Commonwealth Hosting Certification Framework, and the new role exists to own and extend it.

In announcing the role, Scroggie set out what those facilities carry. NEXTDC’s infrastructure supports Defence, government services, online banking, hospitals, energy networks, air traffic, cloud and AI, he wrote, “under some of Australia’s highest assurance standards.” He described the mandate in three parts: protect the infrastructure, shape the sovereign security framework around it, and represent NEXTDC at the highest levels of government.

The mandate bundles four responsibilities that usually sit in separate parts of an organisation.

Mandate	What it covers
Sovereign credentials	HCF Certified Strategic status, the highest government assurance tier
Critical infrastructure	SOCI Act obligations and the Critical Infrastructure Risk Management Program
Physical security	Site security operations and critical-infrastructure protection programs
Government affairs	Executive relationships across Defence, ASD, ACSC, ASIO, Home Affairs and regulators

Source: Certified Strategic Editorial, based on the NEXTDC job listing, June 2026.

Why a national-security profile, not a CISO

Operational cyber security remains under the CTO, so this is not a chief information security officer. The clearance bar defines what it is. An NV2 clearance is essential, with the ability to obtain Top Secret Privileged Access, and the listing draws its target candidate from Defence, intelligence, national security, Home Affairs or law enforcement. NEXTDC is recruiting someone who can engage ministers, regulators and intelligence leaders as a peer.

That bar maps to where the demand is heading. As our coverage of Anthropic’s Australian federal contracts set out, security agencies including the Australian Signals Directorate are buying frontier AI on the formal ground that no local equivalent exists. The provider that government and Defence trust to host that class of workload is chosen in rooms this role is built to enter.

Sovereignty as the dividing line

The certified perimeter is frozen: the Department of Home Affairs paused new Certified Strategic applications on 3 November 2025, and NEXTDC sits inside the closed set of operators that hold the tier. Under the SOCI Act, Certified Strategic providers are exempt from the Risk Management Program because certification discharges that obligation, so the credential does double duty.

At the same time, the neocloud build-out is producing capacity that is AI-ready but not sovereign-grade, a distinction we set out in our neocloud market report. NEXTDC is staffing the sovereign-grade end of that split at executive level.

Where the same functions sit at other operators

The work this role covers is not new to the sector. Every major Australian operator already engages government, runs physical security and staffs cleared personnel. What differs is how they organise it. NEXTDC’s peers spread these functions across separate roles, mostly below the executive-leadership line or inside business units, rather than consolidating them into one C-suite seat.

Operator	Comparable function today	Where it sits
NEXTDC	Chief Security, Sovereignty and Government Affairs Officer (new)	Executive Leadership Team, reports to the CEO
CDC Data Centres	Combined Chief Information Officer and Chief Security Officer; government partnership led by the founder-CEO	Sovereignty is the company’s core model; security sits with the CIO
Macquarie Technology Group	Macquarie Government, led at managing-director level, with 200-plus NV1-cleared staff	Government and cyber run as a dedicated business unit
AirTrunk	Head of Government Relations	Reports to the Deputy CEO; government affairs only
Equinix	Global VP Public Policy and Government Affairs; ANZ Defence and national security sales; Director, Physical Security Enablement	Split across a global policy office and regional roles

CDC, the operator closest to NEXTDC on government workloads, runs security through a combined CIO and Chief Security Officer and treats sovereignty as the founding company model rather than a named portfolio. Macquarie carries the deepest cleared-staff base of the group and runs government as a business unit under a managing director. Equinix splits the work between a global public-policy office and Australian Defence and physical-security roles. On the public record, NEXTDC is the first Australian operator to name a single executive spanning security, sovereignty and government affairs at the leadership-team level, reporting to the CEO.

What it means

For NEXTDC, sovereignty is becoming a product line rather than a compliance cost. The surrounding signals point the same way: ASD procuring frontier AI, Anthropic’s Project Glasswing extending defensive AI to Australian critical-infrastructure operators, and Defence elevating infrastructure resilience in national security policy. The role comes days after a bullish Bali outlook from Scroggie and on the back of NEXTDC’s first overseas facility in Kuala Lumpur. The message to hyperscale, government and Defence customers is that NEXTDC intends to compete on trust as much as on megawatts and price.