Senior GRC Security Consultant

Melbourne
SPARTANS SEC
Posted: 18 February
Offer description

Job Info

Location: CREMORNE, VIC

Salary: >$100,000

Job Type: Permanent position | Full time position

Job Description

About the role

The Senior GRC Security Consultant leads governance, risk and compliance (GRC) engagements for Spartans Security clients, providing expert advice and hands-on delivery across security strategies, control frameworks (e.g. ISO/IEC 27001, NIST CSF, ASD Essential Eight), risk assessment, incident response uplift, policy development, and security program roadmaps. The role operates in a CISO-as-a-Service capacity across multiple customers, building stakeholder trust, uplifting security posture and ensuring alignment with regulatory and industry requirements.

Core Tasks and Duties

* Independently scope and deliver security GRC engagements including assessments against ISO/IEC 27001, NIST CSF and ASD Essential Eight; develop remediation roadmaps and maturity uplift plans.
* Conduct cyber governance, risk and compliance activities, including assessing cyber risks, reviewing security controls, and ensuring alignment with security frameworks, standards, and best practices.
* Lead or contribute to cyber security assessments, including control effectiveness reviews, gap analyses, compliance reviews, and the development of security standards, policies and guidelines.
* Analyse and investigate cyber security incidents and breaches, performing root cause analysis, assessing impact, and recommending corrective actions to strengthen future resilience.
* Monitor security alerts, threat intelligence, logs and events, identifying potential security risks and undertaking threat hunting activities to detect malicious activity or vulnerabilities.
* Coordinate and lead incident response operations, including containment, eradication, recovery and post-incident reporting, and manage collaboration across internal and external teams.
* Develop and maintain cyber security architecture, ensuring secure design principles are applied across systems, networks and cloud environments, and recommending improvements based on emerging threats.
* Provide specialist cyber security advice and guidance to senior leaders, project teams and business stakeholders on security strategy, risk mitigation and security best practices.
* Implement, review and uplift security controls, including identity and access management (IAM), network security, endpoint protection, vulnerability management and cloud security controls.
* Coordinate Security Operations Centre (SOC) functions, including case management, escalation handling, SIEM/SOAR workflows and ongoing monitoring improvements.
* Support the development and implementation of cyber policies, procedures and documentation, including incident response plans, standard operating procedures, audit evidence and compliance reports, ensuring alignment to customer risk appetite and regulatory obligations (e.g., APRA CPS 234, SOCI where applicable).
* Participate in internal and external cyber security audits, coordinating activities, preparing documentation, responding to findings and ensuring continuous improvement.
* Deliver cyber awareness and training support, helping improve cyber maturity across the organisation by coaching staff on cyber risks and secure practices.
* Accept responsibility for the processes, procedures and operational management associated with system security and disaster recovery planning.
* Analyse, recommend, install and maintain software security applications; monitor contractual obligations, performance delivery and service level agreements (SLAs).
* Perform CISO-as-a-Service functions for multiple customers, including risk governance, executive reporting, board briefings and program oversight.
* Review, uplift and test incident response plans; coordinate exercises and lessons-learned to strengthen cyber resilience.
* Provide subject matter expertise on operational security processes (incident/vulnerability management, system hardening, security governance) across on-premises and cloud environments (e.g., Microsoft 365/Azure, AWS).
* Maintain and govern Information Security Risk Registers; track treatments and drive timely remediation with accountable owners.
* Define methodologies for identifying critical information assets and associated risks; perform business impact analyses and control mapping.
* Lead stakeholder engagement with client executives, vendors and service providers; act as a trusted governance and assurance liaison.
* Produce high-quality deliverables (assessment reports, statements of applicability, audit findings, metrics dashboards) and present outcomes to technical and non-technical audiences.
* Mentor junior consultants, contribute to service development and support the creation of new GRC offerings and reusable accelerators.
* Support pre-sales activities including proposal input, level-of-effort estimation and solution design for GRC engagements.

Required Skills and Experience:

* Demonstrated experience delivering senior-level GRC engagements across multiple industries (consulting or in-house).
* Deep knowledge of security frameworks and regulatory standards (ISO/IEC 27001, NIST CSF, ASD Essential Eight, PCI DSS; desirable: APRA CPS 234, SOCI).
* Proficiency in security governance, risk assessment, control design, policy development and metrics/reporting.
* Strong stakeholder management, communication and influencing skills, including executive reporting.
* Hands-on familiarity with enterprise and cloud environments (e.g., Microsoft AD, Microsoft 365/Azure, AWS) and common security controls (firewalls, EDR/SIEM, WAF, IAM).
* Ability to work independently across concurrent engagements, meeting deadlines and quality expectations.

Qualifications & Experience

* Bachelor’s degree in Information Security, Computer Science, Information Systems or a related discipline (or equivalent experience).
* 10+ years’ total experience in information security, including 4+ years in security consulting and/or GRC leadership roles.
* Experience working within international or multinational organisations (particularly in the telecommunications or banking sectors) is highly regarded.
* Exposure to global security standards and cross-border GRC or cybersecurity programs across diverse geographic environments is strongly preferred.
* Must hold at least three of the following relevant certifications: CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Implementer, and ISO/IEC 27001 Lead Auditor.
* Evidence of continuing professional development and familiarity with current threat and compliance landscapes.

Right to Work Requirement: Applicants must have the legal right to work in Australia at the time of application.

Working Conditions

This is a permanent, Melbourne-based role with a hybrid work arrangement (2 days remote + 3 days in the office, with on-site client meetings as required), open to candidates who hold full Australian working rights or a visa that permits full-time work. Some interstate travel may be required based on client needs.

What you need to do

If this sounds up your alley, please send your CV through to ****@spartanssec.com

Spartans Security is an equal opportunities employment agency, valuing the contribution made by all people, and welcomes applications from people with disability, Aboriginal Australians, people of all ages and people from culturally diverse backgrounds.

About Spartans Security

Spartans Security is a leading provider of cybersecurity consulting services, serving a diverse range of clients across the education, retail, local government and financial sectors. Our mission is to empower organisations to navigate the evolving threat landscape and safeguard their critical assets.

With a team of highly skilled professionals and a commitment to innovation, we are at the forefront of the security industry, delivering tailored solutions that drive business resilience and success. Apply now to become our next Senior GRC Security Consultant and join our mission to protect the digital future.


© 2026 Jobstralia - All Rights Reserved
