The Cyber GRC Analyst plays a pivotal role in strengthening and advancing the organisation's Information Security capability. This role takes a proactive approach to governance, risk, compliance and reporting activities to ensure the Chief Information Security Officer is fully equipped to manage, track and communicate IS risks, controls and obligations with clarity and confidence.
You will contribute directly to the delivery of a strong IS Governance framework across the organisation, supporting key programs such as vendor risk management, control testing, metrics and reporting, cyber awareness and education and broader cyber risk management aligned to leading industry standards (NIST CSF, Essential 8, ISO27001).
Working collaboratively across IT, risk and business teams, you will help maintain and uplift the organisation's cyber posture while ensuring alignment with regulatory requirements including APRA CPS 234, APRA CPS 230 and PCI DSS.
Key responsibilities:
* Support the CISO in driving the organisation's Cyber Governance, Risk and Compliance strategy, spanning frameworks, policy, standards, controls, issues, actions and audits.
* Contribute to IS control testing to align with organisational objectives, risk appetite and industry frameworks such as NIST CSF and CPS 234, and provide regular updates to stakeholders.
* Conduct vendor security risk assessments under the vendor governance framework, collaborating with suppliers to uplift security controls or agreements where gaps exist.
* Support the development, management and reporting of operational cyber metrics for Board and executive stakeholders, ensuring content is accurate, timely and aligned to expectations.
* Deliver cyber awareness and education activities across the group, including training sessions, phishing simulations, workshops, newsletters and intranet communications.
* Facilitate IS-related audits, coordinating SMEs and tracking actions within the risk system to ensure timely and accurate closure.
* Support the identification, verification, management and reporting of risks, issues and actions, including the use of information classification and risk acceptance processes.
* Schedule and support IS governance forums, including minute-taking, action tracking and stakeholder coordination.
* Maintain and manage updates to IS policies, ensuring appropriate reviews, approvals and documentation processes are completed.
* Identify and champion opportunities to streamline, automate and uplift security and governance processes.
* Maintain accurate and current process documentation, acting as a Process Expert for IS-related processes within TMBL's Process Management system.
* Assist with incident response activities as required.
About You
You'll bring recent experience within a cyber security function with exposure to regulated industries. You thrive in an environment where you can break down complex issues, work collaboratively and influence stakeholders with clarity and confidence. Experience in metrics, reporting, vendor risk assessments or control testing will be advantageous.
Skills and Qualifications:
* Practical knowledge of key information security frameworks (NIST CSF, ISO27001, PCI DSS, Essential 8).
* Understanding of risk management practices relevant to financial services, including APRA CPS 234 and APRA CPS 230.
* Strong analytical capability, with the ability to interpret complex technical information and communicate it in business terms.
* Excellent verbal communication and technical writing abilities, paired with effective stakeholder management skills.
* Ability to work both autonomously and collaboratively in a team environment.
* Demonstrated understanding of a broad range of cyber security concepts and controls.
* A proactive mindset with the drive to design, implement and improve processes.
About us:
Teachers Mutual Bank Limited is one of the largest mutual banks in Australia. We are a globally-recognised socially responsible bank with profit-for-purpose as our business model and philosophy. At our Bank, social responsibility is built-in, not bolted on and drives our business practices, people, and products.
We are proud to serve some of Australia's essential workers in education, emergency services and healthcare. We believe they deserve a bank that does good for their community.
We have been named one of the World's Most Ethical Companies for ten years in a row and are a Certified B Corp Bank.
Our employees embrace our organisation's values of passion, advocacy and sustainability, and contribute to a diverse and inclusive workplace culture founded on mutual respect, equality and a focus on striving to deliver exceptional member service.
We are an Employer of Choice, promote Diversity and Inclusion, and follow EEO principles by appointing on merit. We work under a hybrid working model to provide flexibility in the workplace. For more information about working conditions as well as our employee value proposition, please visit the careers page on our website at www.tmbank.com.au or find us on LinkedIn!