Information Security Governance, Risk and Compliance Specialist
We are a financial services company that specialises in fleet management, vehicle leasing and salary packaging, with a presence across Australia, the UK and NZ. We have a total portfolio under management of $2.5 billion and over **** employees.
Benefits
Recharge and relax with up to four extra days of leave each year. We call them Wellness days.
We offer industry-leading 20 weeks of paid parental leave
Save plenty with vehicle salary packaging
Monetary service milestone awards
Recruitment referral bonus
Discounted mobility products and services
Flexible work arrangements
Career progression opportunities
Education support towards your growth, including an individual learning budget per year, free access to LinkedIn Learning and more
Two paid volunteer days each year to give back to causes that matter to you
Health and wellbeing support
Responsibilities
Implement, maintain and mature information security policies and procedures in accordance with ISO***** and NIST standards.
Assist with information security awareness training initiatives across the group.
Assist in the maintenance and continual improvement of the Information Security Management System (ISMS), including the monitoring and reporting on the effectiveness of security controls and compliance efforts.
Conduct vendor and solution risk assessments or gap analyses to identify areas of improvement in our security posture, including supply chains.
Collaborate with cross-functional teams to ensure compliance with security standards and regulatory requirements, as well as provide guidance on the implementation of security controls (technical and non-technical) and best practices.
Assist with any internal compliance and privacy audits and prepare for external audits, including ISO*****.
Review penetration tests and vulnerability results and assist with the prioritization of resolution efforts based on technical and non-technical risk factors. Track the remediation of identified vulnerabilities, ensuring timely and effective resolution.
Assist with data governance activities including classification and archival.
Stay up to date with the latest developments in security standards and regulatory requirements.
Qualifications
Proven experience in GRC roles with a focus on ISO***** or standards.
Strong understanding of information security risk management principles and methodologies, particularly in supply chains.
Understanding of information security technical concepts regarding confidentiality, integrity and availability.
Excellent analytical, problem-solving, and communication skills.
Ability to work independently to achieve goals.
Ability to negotiate security tasks with different teams.
Detail-oriented with a commitment to maintaining high standards of quality and accuracy.
What's Next
We'd love to hear from you if you're ready to take on your next challenge at a company that embodies diversity and belonging while also offering work-life balance and career development.
We are a proud equal opportunity employer, and welcome everyone to our team. Resumes may be sent and interviews may take place prior to the closure date for applications. To give yourself the best chance of selection, please do not leave your application to the 'close' date. As a prerequisite to employment, the successful applicant will be required to complete a pre-employment screening.
Aboriginal and Torres Strait Islander candidates are encouraged to apply.