Information Security GRC Analyst | Security Advisory Team
About the Organisation:
Our client is a well-established not-for-profit organisation with a strong reputation for member service and community commitment. With operations across Australia, they are dedicated to supporting the health and well-being of their members while maintaining exceptional standards of security and regulatory compliance.
Their Security Advisory team is central to protecting member data and maintaining organisational resilience in an increasingly complex cyber threat environment. This is a genuine opportunity to join a mature security function within a stable, values-driven organisation.
The Opportunity:
An exciting opportunity exists for an experienced Information Security GRC Analyst to join a dedicated Security Advisory team within a leading Victorian organisation. In this role, you'll be instrumental in strengthening the organisation's cyber governance, risk, and compliance framework while working closely with technical teams and senior stakeholders.
This role offers the chance to make a meaningful impact on the organisation's security posture within a specialised function that is central to enterprise risk management and regulatory compliance strategy.
What You'll Do:
* Assess security controls across enterprise applications, services, systems, and infrastructure to ensure they effectively address organisational risks
* Conduct comprehensive cybersecurity risk assessments, audits, and compliance reviews
* Collaborate with technical stakeholders and subject matter experts to drive remediation of identified control deficiencies
* Monitor and assess compliance with ISMS policies, regulatory requirements (CPS 234, PCI DSS), and industry standards
* Support internal, external, and regulatory audits, tracking and monitoring remediation activities
* Maintain compliance programs to meet regulatory obligations, including APRA CPS 234, PCI DSS, Privacy Act, and SOCI
* Provide expert security advisory and translate complex cybersecurity concepts into pragmatic business language for stakeholders
* Drive continuous improvement across cyber governance, risk, compliance, and assurance domains
What You'll Bring:
Essential:
* Bachelor's degree in a related field or equivalent practical experience
* Proven experience in an Information Security or Cyber GRC function
* Significant experience in testing the design and effectiveness of security controls
* Strong understanding of regulatory requirements, security standards, and industry frameworks
* Demonstrated knowledge of IT Governance and Cyber risk management principles
* Experience conducting risk assessments and participating in audit activities
* Excellent communication skills with the ability to translate technical concepts for diverse audiences
* Strong stakeholder management and relationship-building capabilities
Highly Desirable:
* Experience in the health insurance industry or financial services sector
* Working knowledge of APRA CPS 234 obligations and requirements
* Familiarity with PCI DSS, SOCI Act, Privacy Act, and related regulatory frameworks
* Relevant certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Auditor
What's on Offer:
* Two-year fixed-term contract — $155K package
* Flexible, hybrid working (Geelong head office)
* Make a real impact by protecting member data and organisational resilience
* Career growth with exposure to regulatory frameworks and senior stakeholders
* Work collaboratively with technical specialists and business leaders
* Competitive remuneration with comprehensive employee benefits
* Join a purpose-driven, not-for-profit organisation supporting members and the community
How to Apply:
If you're passionate about cybersecurity governance and want to make a real difference in protecting members' data, we'd love to hear from you.
To apply or learn more,
Our client is an equal opportunity employer committed to creating an inclusive environment for all employees.