Vocus People
Discovering the bigger picture
Heshani's career started in a technical role 12 years ago, working hands on with systems and networks at one of Perth's largest mining companies. Over time, she realised her interest lay in the bigger picture — how technical controls connect to business risks and compliance.
"I was really interested in understanding how all those technical controls connect to business risks and compliance," she reflects. "That's what led me into governance, risk and compliance, where I now focus on policies, audits and building a strong security culture across Vocus."
After gaining valuable experience in mining, Heshani spent several years at the WA Police Force, diving deep into risk and compliance in a law enforcement environment. When she spotted the opportunity at Vocus in 2021, it represented the perfect next step.
"What drew me to Vocus was the chance to finally jump into the telecommunications industry," she explains. "I'd never worked in this space before and was keen to get that experience. It just felt like the right move to broaden my horizons."
Building security into everything
Since joining Vocus as a Senior Security Assurance & Compliance Consultant in Technology & Security, Heshani has grown into a lead role as Governance & Compliance Lead, staying in the same area because it's where she feels she can make the biggest impact.
"What I love about my job at Vocus is how different each day is. I'm not stuck behind a desk just pushing paperwork," she says. Her role spans leading ISO 27001 audits (independent checks that confirm compliance with protecting information to world-class standards), developing security awareness training and ensuring compliance across diverse business units.
Recently, Heshani achieved another significant milestone, becoming an endorsed IRAP (Infosec Registered Assessors Program) assessor. As a cybersecurity professional endorsed by the Australian Signals Directorate, she can now conduct independent security assessments for the Australian Government and its service providers. Vocus sponsored the course, and Heshani is one of the first female IRAP assessors in Western Australia — an achievement that highlights both her technical expertise and Vocus' commitment to developing specialist capabilities.
Another growth moment is running security awareness training. "I spend time picking out modules that actually make sense for people and it's awesome seeing team members get into it and have those 'aha' moments. It's encouraging to know I'm making a real difference in how we think about security."
Rising to major challenges
One of Heshani's most challenging projects was developing 21 policies and 21 standards for Vocus’ acquisition of TPG fibre assets and Enterprise, Government and Wholesale business. "The timeline was tight and there were so many moving parts—from stakeholder reviews to framework alignment," she recalls.
When stakeholders first reviewed the work, their reaction was immediate: "Wow, there's no way we can do all this; it's going to take forever!" But this sparked valuable conversations. "We got to explain that the point isn't to pile on extra work, it's about making sure whatever we build now can grow safely and handle whatever comes next."
The experience developed her leadership and project management skills while reinforcing her view that compliance creates opportunity. "Compliance is like a guardrail, not a roadblock. It's like having a safety net. It doesn't stop you from giving things a go; it just means you can take smart risks without worrying about major stuff-ups."
A collaborative, supportive culture
One of her favourite examples of teamwork was launching new security awareness training. "Instead of just sending everyone a bunch of slides and hoping for the best, we gathered people from all sorts of teams and got them talking about what really happens in their day-to-day. Folks shared stories, gave feedback on quiz questions and even pointed out things we never would've thought of on our own."
The result transformed training from a compliance exercise into something people wanted to be part of. "People actually owned the training because it sounded like them, not just the compliance department. That's pretty much Vocus in a nutshell: people listen, pitch in and make things better together."
Looking ahead
Heshani's advice for anyone starting a career in security and compliance is grounded in her experience: "Stay curious and embrace the pace of change. Cybersecurity and compliance are dynamic areas - what's cutting-edge today might be old news tomorrow."
She emphasises collaboration. "Security isn't just one person's job - it's a shared responsibility. Be open to working with teams across the business and focus on clear, practical ways to embed security into everything you do."
Heshani's work directly supports Vocus' business priorities. "Strong security and compliance practices aren't just about meeting regulations - they're about enabling the business to operate confidently and sustainably. When customers know that their data and our systems are well protected, it strengthens their confidence in the company."