GRC Specialist

Our Federal Government partner is seeking an experienced Cyber Security Governance, Risk and Compliance (GRC) Specialist to support and enhance cyber security governance, risk management and compliance outcomes across the organisation.

Working as part of a broader cyber security function, you will partner with business and technology stakeholders to strengthen policy compliance, improve security awareness, support audit activities, and drive practical risk management outcomes. Success in this role requires exceptional communication skills, sound judgement, and the ability to translate cyber security requirements into pragmatic business processes and controls.

This opportunity is ideally suited to an experienced GRC professional who is comfortable engaging with stakeholders at all levels and can effectively balance governance requirements with operational realities.

• Exceptional verbal and written communication skills, with the ability to clearly explain cyber security, risk, governance and compliance requirements to both technical and non-technical audiences

• Strong stakeholder engagement and relationship management skills, including the ability to influence outcomes and build effective working relationships across diverse business areas

• Demonstrated experience in Cyber Security Governance, Risk and Compliance (GRC) functions

• Strong understanding of governance, risk management, compliance obligations and security control frameworks

• Experience supporting the implementation, adoption and continuous improvement of cyber security policies, standards and procedures

• Proven ability to translate policy and compliance requirements into practical controls, processes and business outcomes

• Experience supporting security awareness, education and behavioural change initiatives

• Experience supporting audit activities, including evidence collection, stakeholder coordination, findings management and remediation tracking

• Strong organisational skills with the ability to manage competing priorities and meet deadlines

• Ability to work autonomously while contributing effectively within a collaborative team environment

• Working knowledge of ISO 27001, Essential Eight, NIST Cybersecurity Framework or similar industry frameworks

• Experience working within Federal Government, large enterprise or other highly regulated environments

• Exposure to enterprise risk management, compliance reporting and governance forums

• Experience using GRC platforms, risk management systems or audit management tools

• Relevant industry certifications such as CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor or equivalent

• Experience supporting supplier, vendor or third-party cyber risk assessments

• Tertiary qualification in Cyber Security, Information Technology, Risk Management, Business or a related discipline

• Partner with business units to support the implementation and adoption of cyber security policies, standards and procedures

• Provide practical guidance to stakeholders on cyber security governance, risk and compliance obligations

• Identify, document and track gaps between existing practices and policy requirements

• Assist in developing practical controls, processes, procedures and supporting artefacts to improve compliance outcomes

• Support policy exception management activities, including assessment, documentation, tracking and reporting

• Coordinate and support security awareness and training initiatives, including stakeholder engagement, scheduling, reporting and compliance monitoring

• Monitor completion of mandatory cyber security training requirements and support reporting activities

• Assist with internal and external audit activities, including evidence collection, stakeholder coordination and audit readiness preparation

• Maintain remediation registers and track audit findings, risk treatments and improvement actions through to completion

• Support cyber security risk assessments, workshops and risk management activities

• Contribute to governance reporting, metrics, dashboards and management briefings

• Support supplier and third-party cyber risk assessment activities as required

• Contribute to broader cyber security governance, risk and compliance initiatives and projects as prioritised

• Australian Citizenship is required

• Ability to obtain and maintain a Federal Government security clearance may be required

• Relevant qualifications, certifications and industry experience will be highly regarded

This role offers the opportunity to work within a significant Federal Government environment where you will contribute directly to improving cyber security governance, risk and compliance outcomes. You will work alongside experienced cyber security professionals while engaging broadly across the organisation to help strengthen cyber resilience and support the delivery of critical government services.