Job Description
We assist governments and their agencies in building resilient, secure, equitable and prosperous communities by providing access to skills, capabilities and expertise that support the delivery of government agendas and public purpose projects.
Our team works with clients to identify, assess and manage security risks associated with vendors, suppliers and other third parties across the full lifecycle of third-party engagements.
Key responsibilities include:
* Delivering comprehensive risk assessments: Supporting clients in identifying, assessing and managing security risks associated with vendors, suppliers and other third parties.
* Advising on frameworks and standards: Applying knowledge of cyber and risk frameworks (e.g. NIST CSF, ISO 27001) to evaluate third-party risk management programs and recommend practical improvements.
* Supporting assurance and remediation activities: Performing vendor due diligence, control testing and audit reviews, and working with clients to close security gaps or enhance supplier oversight processes.
* Collaborating on transformation initiatives: Contributing to the design and implementation of third-party risk management operating models, governance structures and enabling technologies.
* Coaching and knowledge sharing: Providing guidance and support to junior team members, sharing insights and practical approaches to third-party security challenges.
* Contributing to growth and innovation: Assisting in the development of new methodologies, tools and service offerings in response to evolving market and regulatory expectations around third-party risk.
-----------------------------------
Required Skills and Qualifications
Candidates should have:
* 2+ years' experience in cyber security, technology risk or third-party risk management, ideally gained through consulting, assurance or a second line of defence role.
* Familiarity with third-party risk processes (e.g. due diligence, onboarding, assurance reviews, ongoing monitoring, exit/offboarding).
* A working understanding of cybersecurity and IT risk frameworks (e.g. NIST CSF, ISO 27001) and how they apply to vendor environments.
* Strong analytical and problem-solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure.
* (Desired but not mandatory) Certifications such as CISA, ISO 27001 Lead Implementer/Lead Auditor, CISSP, or cloud security certifications (AWS/Microsoft).
* (Mandatory) Ability to obtain an Australian Government security clearance.
-----------------------------------
Benefits
Working with us offers a range of benefits, including:
* Opportunities for professional growth and development.
* Collaborative and dynamic work environment.
* Competitive remuneration and benefits package.
-----------------------------------
Others
Additional information can be found below:
* This role is based in [Location].