Cyber Assurance - Third Party Security Risk Management Senior Associate
Company Description
We are public purpose sector specialists who support governments and their agencies, and not-for-profit organisations, to deliver services to Australians, helping to build more resilient, equitable, secure and prosperous communities. We are guided by our values of Stronger Together, Amplify Impact, Build Trusted Relationships, Value Every Person, Think Beyond Limits, and Defined by Ethics.
Skills
Our purpose-driven professionals provide clients with access to the skills, capabilities and expertise to support the delivery of government agendas and public purpose projects, with specialist teams across three national practices:
- Transformation
- Risk, Programs and Cyber
- Commercial, Financial and Infrastructure
Cyber & Tech Risk
The mission of our Cyber & Tech Risk (C&TR) practice is to increase public trust and participation in government digital services; a key driver in improving Australia’s productivity, equality, resilience, and prosperity. Our subject matter specialists bring scale and expertise across all phases of cyber transformation covering advisory and assurance, privacy and data governance, digital identity, technology implementation, and ongoing security operations.
Cyber Advisory
Our Cyber Assurance specialists combine the skills and discipline of an auditor with technical know-how and expertise across a broad range of technology risk disciplines. With a focus on improving the resilience of information systems, our Cyber Assurance team support our clients with a range of fascinating and complex technology challenges.
A day in the life of a Cyber Assurance consultant ranges from mastering and applying the broad range of cyber frameworks we implement (e.g. NIST, PSPF/ISM, ISO27k, etc.), to assessing the core processes and controls that ensure the availability and performance of complex technology solutions, to advising our clients on core IT Resilience strategies in relation to disaster recovery and business continuity for mission-critical systems.
Job Description
The Role and Responsibilities
As a Senior Associate in our Cyber Assurance team, focused on Third Party Security Risk Management, you will create value by:
- Delivering third-party risk assessments: Supporting clients in identifying, assessing, and managing security risks associated with vendors, suppliers, and other third parties across the full lifecycle of third-party engagements.
- Advising on frameworks and standards: Applying your knowledge of cyber and risk frameworks (e.g. NIST CSF, ISO27001, CIS18, ISM/PSPF, COBIT) to evaluate third-party risk management programs and recommend practical improvements.
- Supporting assurance and remediation activities: Performing vendor due diligence, control testing, and audit reviews, and working with clients to close security gaps or enhance supplier oversight processes.
- Collaborating on transformation initiatives: Contributing to the design and implementation of third-party risk management operating models, governance structures, and enabling technologies.
- Coaching and knowledge sharing: Providing guidance and support to junior team members, sharing insights and practical approaches to third-party security challenges.
- Contributing to growth and innovation: Assisting in the development of new methodologies, tools, and service offerings in response to evolving market and regulatory expectations around third-party risk.
Qualifications
About You
As a Senior Associate, technically, you will bring to the position:
- 2+ years’ experience in cyber security, technology risk, or third-party risk management, ideally gained through consulting, assurance, or a second line of defence role.
- Familiarity with third-party risk processes (e.g. due diligence, onboarding, assurance reviews, ongoing monitoring, exit/offboarding).
- A working understanding of cybersecurity and IT risk frameworks (e.g. NIST CSF, ISO27k, ISM/PSPF, COBIT) and how they apply to vendor environments.
- Strong analytical and problem-solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure.
- (Desired but not mandatory) Certifications such as CISA, ISO27001 Lead Implementer/Lead Auditor, CISSP, or cloud security certifications (AWS/Microsoft).
- (Mandatory) Ability to obtain an Australian Government security clearance.
We offer a range of benefits, including market leading Parental Leave, flex working, additional leave, and employee share options. We also provide wellness and lifestyle perks, and a digital care platform to support your wellbeing.
🏢 Scyne Advisory
📍 Melbourne