AboutAARNet
Australia's Academic and Research Network (AARNet) wasestablishedin 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect,builderand operator of world-class network infrastructure for research and education.
As Australia's National Research and Education Network (NREN). We connect over one million users — researchers, faculty, staff, students, hospitals, vocational training providers,schoolsand museums — across Australia.
We are an organisation of innovators, doers, and courageous thinkers.Wedon'tsettle for the status quo; instead, weanticipatethe future needs of our customers and build solutions today.If you share our imagination, foresight, and drive to shape the future, why not come and join us?
https://www.aarnet.edu.au/
Role Purpose
TheComplianceAnalystis responsibleformanaging third party risks withinAARNet.
Initially,the role will focus on conducting and managing detailed risk assessments and due diligencefor Operational Technology (OT), Information Technology (IT), and network suppliers withinAARNet, which also includesmaintainingthe supplier register, tracking remediation actions, and contributing to process improvements.
The role will oversee the supplier lifecycle and ongoing risk monitoring, advising business units and ensuring compliance withthe relevantAARNetpolicies and processes, whilst supporting the operationalisation and enhancement of theAARNetSupplier Management Framework.
KeyAccountabilities
In this role, your mainresponsibilitiesare:
Supplier Due Diligence and Risk Management
* Conduct risk assessments of suppliers, including network, IT, and OT platforms, evaluating operational,financial, business continuity, FOCI, and technology lifecycle risks.
* Review contracts for risk exposure and develop supplier risk scoring, dashboards, and reports.
* Maintainthesupplierregister, includingrisk scorings,assessmentoutcomesandtrack remediations
* Execute and optimisethesupplier risk managementprocess, ensuring it is efficient, consistent, and aligned with regulatory and internal requirements.
* Maintain documentation and reporting to support governance, audits, and regulatory compliance.
* Manage continuous supplier risk monitoring, track Key Risk Indicators (KRIs) and relevant Key Performance Indicators (KPIs), conduct periodic reassessments, and elevate high-risk exposures.
Supplier Lifecycle & Governance
* Oversees theend-to-endsupplier lifecycle, ensuring critical suppliers are managed in line with the processes
* Guide business units on compliance withSuppler Managementprocessesand provide support where needed
* Validate supplier criticality,categorisationand risk tieringto support decision making
* Track supplier remediation plans,onboarding,renewals, and exit processes.
Collaboration & Process Improvements
* Coordinate and work with Business,Technology, Operations, Finance, Legal, and Cyber Security teamson supplier management activities
* Support security and technical risk validation whererequired(security knowledge preferred but not mandatory)
* Identifyand implement improvements tosupplier risk assessment processes, tools, reporting, and governance
* Assistinoperationalising andenhancingthe Supplier Management framework,templatesand documentation.
Skills, experience & qualifications
Qualifications
* Bachelor's degree in Business, Engineering,Telecommunications,IT,Law,or related field
* Preferred but not mandatory:
* Knowledge of information security principles
* Professional certificationsin risk management, procurement, or cyber security(e.g.CRMP, CPSM,CIPS, CTPRP,ISO)
Experience
* 3 –6years' experience insupplier, third party, or operational risk management, preferably in technology/IT/Network or related environments
* Experience inconductingrisk assessments
* Experience collaborating with cross-functional teams (Finance,Operations, Technology, Cyber, Legal)
* Familiarity withsupply chain,procurementand third-party life cycle management
* Knowledge or experience with contract managementpreferred
Skills
* Strong operational and analytical skills
* High attention to detail and accountability
* Governance mindset with ability to enforce compliance
* Excellent stakeholder management and influencing skills
* Structured documentation and reporting skills
* Ability to challenge business units constructively
* Ability to influence stakeholders to drivean outcome
* Effective communication skillsto ensuremanagement are aware of the risks and actions in their areas
#J-18808-Ljbffr