Security Governance, Risk & Compliance Consultant

Job Type: Permanent
Posted: almost 2 years ago
Contact: Fatema Murtaza
Discipline:
Reference: 247057

Skills and Capabilities:

  • Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field
  • Demonstrated experience with change management, problem solving and 'business as usual' operations activities
  • Previous experience developing Information Security reports for senior leadership
  • Strong understanding of the superannuation industry is highly desirable
  • Proven background working in a Security GRC position within a complex environment
  • Being comfortable with a high degree of on-the-job learning
  • An understanding of the world of Information Security and a keen desire to learn
  • Understand the NIST Cyber Security Framework (CSF), business processes, security governance, audit compliance and risk assessment
  • Be able to handle the challenges of a varied role in a dynamic organization
  • Ability to identify tasks and activities required to meet project requirements and to set goals and priorities in line with business objectives
  • Ability to contribute to short-, medium- and long-term planning and effectively promote ideas
  • Ability to define processes and document procedures (essential)
  • A high standard of presentation, customer service and strong interpersonal skills
  • The ability to effectively convey security risks to technical and non-technical stakeholders

Job description:
Maintain strong, open communication within the team. Be supportive of peers, giving and taking advice and feedback in an honest, open environment, and strive to improve the knowledge and competency of self and team.

Ensure delivery of Information Security Governance, Risk & Compliance by:

  • Assisting to maintain and improve compliance with the NIST Cyber Security Framework (CSF).
  • Performing security risk assessments and third-party security risk assessments
  • Providing governance and oversight of the patch & vulnerability management process
  • Facilitating workshops and review sessions with stakeholders and managing their feedback and expectations.
  • Analysing and capturing requirements in collaboration with all stakeholders.
  • Assisting to maintain and improve Information Security policies, standards, guidelines, and processes.
  • Interpreting security controls with relevant compliance, legal and regulatory requirements, especially APRA
  • Assisting to prepare, maintain and improve security performance and operational reports.
  • Assisting with timely and accurate tracking, maintaining, verifying and reporting of non-conformance and corrective action/s
  • Assisting with annual security control testing, collating and reporting results against the NIST Cyber Security Framework (CSF)
  • Assisting with the annual internal and external audit program

Location: Melbourne

Permanent Full-time position