- **Permanent role**
- **Location: North Sydney**
- **Hybrid work - One day in the office**
- **Highly competitive salary with an annual bonus**
**About the role**
Our client requires a Cyber Security Support Officer to support their BAU security activities. You will also play a key role in varied and interesting project work including updating internal practices, closing gaps identified in relevant audits and ensuring the protection of information throughout the business.
**Key Requirements and Responsibilities**
- Supporting security-related processes for the certified ISMS to enable ongoing compliance with contractual, regulatory and legislative obligations, with oversight and support from the BISO APAC.
- Maintain records necessary to meet audit requirements, such as ISO 27001, PCI DSS and SOC.
- Manage audit processes for internal and external auditors for ongoing compliance.
- Writing and communicating periodic cyber security management reporting to the BISO APAC and internal leadership teams to support governance of the ISMS and management of security risks related to client services.
- Supporting and assisting the BISO APAC and security team with managing the client's cyber risk profile and improvement activities.
- Support ongoing risk management and reporting across the people, processes and technology supporting client services.
- Support the enhancement and maturation of the existing common control framework, security standards and policies in place for the client solution; liaise with stakeholders on cyber security issues and provide future recommendations.
- Providing general security advice to ensure information security is embedded into initiatives for the client.
**Requirements**
- 2-3 years relevant experience
- Possess a good understanding of information security strategy, principles and best practices.
- Be knowledgeable in common cyber security governance and technology domains.
- Experience with industry and regulatory standards (ISO 27001, PCI DSS, SOC 2).
- Experience in managing audit or due diligence activities.
- Possess an understanding of risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Ability to deliver to strict deadlines in a highly client-driven environment.
- Interpersonal and collaborative skills and the ability to communicate with technical and non-technical audiences.
- Professional certifications in information security, such as ISO Auditor or Implementer, CISA, or CISM are desirable but not essential.
- Previous work within a cyber security function, particularly in the Finance sector.