This is a Senior Cyber Governance, Risk & Assurance Specialist role with Cuscal Limited based in Sydney, NSW, AU Cuscal Limited Role Seniority - senior More about the Senior Cyber Governance, Risk & Assurance Specialist role at Cuscal Limited Company Description Forward with Cuscal At Cuscal, we’re not just shaping the future of payments - we’re pioneering it. From launching Australia’s first ATM to being the first certified NPP PayTo Payer and Initiator in 2022, we’ve spent over 59 years building solutions that millions of Australians rely on every day. Now, we’re preparing for what’s next, and we want you to be part of it. Join us as a Senior Cyber Governance, Risk & Assurance Specialist in our IT Security Risk & Compliance team and help us deliver ground-breaking solutions that push the boundaries of what’s possible. Job Description Reviewing application from 5th January 2026. Your Opportunity Join Cuscal as a Senior Cyber Governance, Risk & Assurance Specialist, where you’ll play a key role in strengthening our cybersecurity governance and risk management frameworks. This position ensures compliance with regulations and helps protect against evolving cyber threats. You’ll manage compliance processes, perform risk assessments, and provide insights that guide risk-based decisions. Working with teams across the business, you’ll promote a culture of risk awareness, improve control effectiveness, and contribute to strategic cybersecurity reporting for senior leadership. Cyber Governance and Policy Support Help develop, implement, and maintain cybersecurity policies, standards, and frameworks. Keep policies and procedures up to date and aligned with industry and regulatory standards (e.g., PCI DSS, SOC 2, CPS 234). Risk Identification and Assessment Carry out risk assessments for systems, applications, and third-party vendors. Analyse findings and recommend actions to reduce security risks. Compliance and Regulatory Alignment Support PCI DSS and SOC 2 compliance activities, including audits and remediation tracking. Monitor regulatory requirements to ensure ongoing compliance (e.g., APRA CPS 234). Assurance and Control Testing Test and assess cybersecurity controls regularly. Document gaps, track remediation, and report progress to stakeholders. Reporting and Documentation Prepare cybersecurity risk reports for committees and senior stakeholders. Provide insights and analysis to improve understanding of risks and support informed decisions. Qualifications What can you bring? Proven experience (5-7 years) in cybersecurity governance, risk management, and compliance, preferably within the financial services or payment sector. Strong knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and relevant regulatory requirements (e.g., APRA CPS 234, PCI DSS). Demonstrated expertise in conducting risk assessments, control testing, and assurance activities to support a risk-informed decision-making process. Hands-on experience with compliance management, including maintaining documentation, tracking remediation efforts, and preparing for audits. Proficiency in analyzing and reporting cyber risks, with the ability to present complex information clearly to diverse stakeholders. Familiarity with cybersecurity policy development, control frameworks, and their application to enterprise environments. Experience collaborating with cross-functional teams, such as IT, Legal, and Compliance, to align cybersecurity practices with business objectives. Knowledge of incident response practices, vulnerability management, and third-party risk management best practices. Ability to contribute to short, medium- and long-term planning and effectively promote ideas. Relevant professional certifications (e.g., CISM, CRISC, CGEIT) preferred. Although not required, any experience in the following would be highly regarded: Payment’s industry, ATM/EFT/POS technology, cards and finance or other regulated industries and/or 24x7 mission-critical environments. Knowledge of security frameworks and standards such as ISO 27001, NIST, CPS234, ASD Essential 8 etc. Understanding of legal, regulatory, privacy and security matters associated with the Banking and Finance Industry. Additional Information Why Cuscal? At Cuscal, you’ll find a strong, successful company that’s reimagining the future. And our team is right there at the heart of it all. Here, you’ll deliver or support interesting, ground-breaking work that has real impact - on Australia’s financial services sector and the millions of customers it serves. You’ll innovate alongside skilled, smart, connected teams. And you’ll build an impressive, fulfilling career that continues to grow. You’ll also enjoy a range of benefits, including: Work in a hybrid model that supports your lifestyle and goals We celebrate success: Our IGNITE program recognises individual and team achievements. Wellbeing focus: We support your physical, mental, and financial health with holistic initiatives and access to discounts via ‘Cuscal Advantage. Join us and reimagine the future If this role excites you, we’d love to explore your potential and vision for the future. Screening and interviews may occur before the job ad closing date, so don’t wait - apply now. For further information about this role please contact careers@cuscal.com.au Cuscal is an equal opportunity employer committed to an equitable, diverse, and socially inclusive work environment and a positive, barrier-free recruitment process. We welcome applicants from an Aboriginal and Torres Strait Islander heritage, people living with a disability, LGBTQIA and people from culturally diverse backgrounds to explore career opportunities with Cuscal. Note: Cuscal does not accept unsolicited resumes from recruitment agencies or search firms. Before we jump into the responsibilities of the role. No matter what you come in knowing, you’ll be learning new things all the time and the Cuscal Limited team will be there to support your growth. Please consider applying even if you don't meet 100% of what’s outlined Key Responsibilities Developing cybersecurity policies ⚠️ Conducting risk assessments Preparing cybersecurity reports Key Strengths ️ Cybersecurity governance Risk assessment Compliance management Payment industry knowledge Security frameworks knowledge ⚖️ Legal and regulatory understanding Why Cuscal Limited is partnering with Hatch on this role. Hatch exists to level the playing field for people as they discover a career that’s right for them. So when you apply you have the chance to show more than just your resume. A Final Note: This is a role with Cuscal Limited not with Hatch.