About CyberCX
CyberCX is Australia and New Zealand’s leading cyber security services provider, trusted by private and public sector organisations to help manage cyber risk, respond to incidents, and build resilience in an increasingly complex threat landscape.
With a workforce of over 1,400 professionals, CyberCX delivers end-to-end cyber capabilities across consulting and advisory, governance, risk and compliance, incident response, penetration testing, cloud and infrastructure solutions, identity and access management, and managed security services.
We’re looking for a Principal Consultant, GRC to lead high-impact engagements and shape security outcomes at scale.
The Opportunity
This is a senior advisory role for someone who thrives on complexity and influence.
As a Principal Consultant, you will:
- Lead complex cyber risk and compliance engagements across enterprise and government
- Conduct formal risk assessments aligned to ISM, PSPF, DSPF, NIST CSF, ISO 27001, CPS234 and related frameworks
- Design and oversee implementation of fit-for-purpose security solutions
- Produce board-ready reports with clear, commercial recommendations
- Act as a subject matter expert and mentor within our GRC practice
- Contribute to capability uplift and thought leadership across CyberCX
You will work closely with clients to translate regulatory and framework requirements into practical, defensible security outcomes.
What We’re Looking For
- Deep experience assessing and/or implementing frameworks including ISM, ISO 27001, NIST CSF, PCI DSS, PSPF, DSPF, CPS234
- Major security certification (CISM, CISA, CISSP, ISO LA/LI or similar)
- Strong consulting background – ideally within a global consulting firm or large technology organisation
- Exceptional stakeholder engagement skills with credibility at senior and executive levels
- Demonstrated ability to lead engagements and mentor junior consultants
- Australian citizenship is required
Why Join CyberCX?
- Work on nationally significant programs across enterprise and government
- Engage directly with senior leadership on complex strategic initiatives
- Be part of Australia’s largest dedicated cyber security capability
- Flexible hybrid environment (Brisbane-based, not fully remote)
- Clear career progression within a growing national practice
This role is ideal for a senior GRC practitioner ready to operate at Principal level and influence both client outcomes and internal capability.