Job Description
Cyber Governance, Risk and Compliance Specialist (Hybrid)
Location: Brisbane
About the Role
* Develop, maintain, and communicate enterprise information security policies, standards, procedures, and guidelines
* Lead and execute risk assessments (e.g., asset, vendor, application) and coordinate remediation tracking and reporting
* Maintain the compliance program for applicable regulations and frameworks
* Manage internal and external audits and assessments, including preparation of evidence, remediation plans, and auditor engagement
* Operate or oversee third‐party risk management: vendor due diligence, contract security clauses, and ongoing monitoring
* Coordinate security control implementation and validation across IAM, encryption, logging, patching, network segmentation, and endpoint protections
* Develop metrics and reporting for leadership and the board: risk heat maps, compliance status, control effectiveness, and security incident trends
* Drive security awareness and training programs for employees and contractors
* Support incident response and root‐cause analysis with a focus on lessons learned and control improvements
* Advise product and engineering teams on secure design, privacy‐by‐design, and compliance requirements for new features and integrations
Basic Qualifications (Required Skills/Experience)
* 3+ years experience in information security governance, risk management, or compliance, with demonstrable experience mapping to ISM or similar national‐level security guidance
* Familiarity with secure configuration baselines, vulnerability management, identity and access controls, and cryptography best practices
* Strong written and verbal communication skills; able to produce policies, control mappings, and concise executive reporting
* Remediate critical and high‐risk ISM findings
* Understanding of security monitoring, incident response, and threat intelligence processes
* Familiarity with security technologies and tools such as SIEM, IDS/IPS, and endpoint protection systems
* Experience with incident handling and response methodologies, including evidence collection and analysis
* Knowledge of security frameworks and standards such as Australian Government ISM, NIST, ISO 27001, or CIS Controls
* Strong analytical and problem‐solving skills
* Excellent communication and collaboration skills to work effectively with cross‐functional teams
* A NV1 clearance with the ability and willingness to obtain a NV2
Preferred Qualifications (Desired Skills/Experience)
* Bachelor's degree in computer science, Information Security, or a related field (or equivalent experience)
Benefits
* Cutting edgeprojects
* Flexible working options
* Competitiveremunerationand incentive plan available
* Discounts for health insurance,traveland accommodation
* Salary packaging options
* Health and wellbeing benefits
Export Control Requirements
This is not an Export Control position.
Relocation
Relocation assistance is not a negotiable benefit for this position.
Security Clearance
Applicants must be Australian Citizens to meet defence security requirements with the ability to obtain Australia Negative Vetting Level 1 clearance.
Visa Sponsorship
Employer will not sponsor applicants for employment visa status.
Equal Opportunity Employer
We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law.
We have teams in more than 65 countries, and each person plays a role in helping us become one of the world's most innovative, diverse and inclusive companies. We are proud members of the Valuable 500 and welcome applications from candidates with disabilities. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process. Accommodations may include but are not limited to: conducting interviews in accessible locations that accommodate mobility needs, encouraging candidates to bring and use any existing assistive technology such as screen readers and offering flexible interview formats such as virtual or phone interviews.
#J-18808-Ljbffr