We are seeking an experienced Technical Lead/ Manager - Governance, Risk and Compliance (GRC) to join our client's growing team to contribute to the successful execution of their strategic technology framework to maximise the value of technology related business investments that assist the clients corporate and operational goals.
This is a 12-month maximum term contract based in Brisbane in a hybrid capacity.
You will be Acting as a strategic proxy for the CISO in monitoring and guiding cyber uplift initiatives across IT and OT domains.
About the role:
This role works across cyber security streams to maintain alignment with key frameworks – notably the NIST Cybersecurity Framework (CSF) 2.0 and the Australian Essential Eight mitigation strategies – and to drive uplift in cyber maturity.
The role will provide continuous oversight of all cyber uplift activities, ensuring delivery remains aligned to Client's cyber strategy and maturity uplift roadmap. This includes monitoring and reporting against the Essential Eight and NIST CSF 2.0 maturity targets, producing monthly progress reports, and leading quarterly Essential Eight self-assessments.
Closing date for the role is 18/09/2025
Key Responsibilities:
* Provide independent oversight of cyber uplift activities to ensure alignment with the Cyber Security Strategy, Client's risk appetite, Essential Eight, and NIST CSF 2.0 targets
* Develop documentation on governance best practice for systems risk, compliance, and authorisation processes and evidence assessment and collation
* Advising and guiding on compliance with client's Enterprise and best practice industry standards and applicable frameworks, PSPF, DSPF, and ISM
* Facilitating several critical systems authorisations and internal compliance uplift Projects
* Lead compliance risk assessments across multiple systems, working with multiple stakeholders
* Consolidate Cyber engagement into a single strategic channel, reducing duplication and ensuring Cyber Leads' expertise is engaged at the right points.
* Provide pragmatic oversight to ensure program deliverables are risk-aligned and effective, avoiding unnecessary complexity or over-engineering.
* Engage collaboratively with Cyber Program — supporting their delivery role while ensuring strategic coherence and governance alignment.
* Support structured communication by feeding uplift performance metrics into enterprise reporting frameworks, enhancing visibility for executives and the Board.
Basic Qualifications (Required Skills/Experience)
* Demonstrates an ability to align GRC with business objectives and risk
* Excellent analytical skills and judgement.
* Strong understanding of cyber security frameworks and regulatory requirements (e.g., SOCI Act, QG IS18, ASD Essential 8, NIST CSF).
* Demonstrated ability to engage with vendors, manage contracts, and service providers, ensuring alignment with security uplift objectives.
Desirables
* Experience working in critical infrastructure environments (e.g., water, energy, transport).
* Knowledge of continuous improvement methodologies (e.g. Lean Six Sigma).
For more information or a confidential discussion, please contact Gary Kumar