Location: Canberra
NV1 Clearance required
Hybrid Role
12-month contract with 2 extensions
Role Overview
Seeking a motivated Cyber GRC Specialist to strengthen cybersecurity governance, risk management, and compliance capabilities within a complex government environment. The role focuses on ensuring cybersecurity practices align with regulatory obligations, industry standards, and organizational objectives while supporting both legacy and modern ICT platforms.
Key Responsibilities
Cyber Governance & Compliance
* Support the implementation and continuous improvement of cybersecurity governance frameworks.
* Develop, implement, and maintain cybersecurity policies, standards, procedures, and governance controls.
* Ensure compliance with Australian Government security frameworks including PSPF, ISM, and Essential Eight.
* Support alignment with industry standards such as ISO 27001 and NIST Cybersecurity Framework.
Risk Management
* Conduct cyber risk assessments and facilitate risk identification, analysis, evaluation, and treatment planning.
* Maintain and update enterprise cyber risk registers.
* Monitor cyber risk posture and recommend mitigation strategies to reduce organizational risk exposure.
* Perform third-party and vendor security risk assessments and due diligence activities.
Audit & Assurance
* Coordinate and support internal and external cybersecurity audits.
* Collect, review, and maintain audit evidence to demonstrate compliance.
* Track audit findings and remediation activities through to closure.
* Contribute to assurance programs across ICT systems, projects, and operational environments.
Stakeholder Engagement & Reporting
* Collaborate with technical teams, business stakeholders, external partners, and project teams to enhance security maturity.
* Prepare and present governance reports, dashboards, risk metrics, and compliance updates.
* Provide actionable insights and recommendations to governance committees and senior leadership.
* Support governance forums and decision-making processes through effective reporting and analysis.
Security Awareness & Continuous Improvement
* Promote security awareness and governance best practices across the organization.
* Support continuous improvement initiatives to enhance cybersecurity capability and compliance maturity.
* Assist in uplifting security controls across both legacy and cloud-based environments.
Technical Skills & Experience
* Demonstrated experience in Cyber Governance, Risk, and Compliance (GRC) roles.
* Strong understanding of Australian Government cybersecurity frameworks, including:
  * Protective Security Policy Framework (PSPF)
  * Information Security Manual (ISM)
  * Essential Eight Maturity Model
* Experience with industry standards and frameworks:
  * ISO 27001
  * NIST Cybersecurity Framework
* Experience using GRC platforms such as:
  * ServiceNow GRC
  * Archer
  * Protecht
  * Similar governance and risk management tools
* Sound understanding of enterprise ICT and cloud security environments.
* Experience supporting audit, assurance, compliance monitoring, evidence management, and remediation tracking.
* Strong stakeholder management, communication, and reporting skills.
* Ability to manage competing priorities and contribute to both strategic and operational cybersecurity outcomes.