Program Governance Risk and Compliance (GRC) Lead

Location: Canberra
Job Type: Contract
Posted: 3 months ago
Contact: Maria Lastierre
Reference: 259240

Our Client, an ACT-owned public utility company, is looking for a Program Governance, Risk and Compliance (GRC) Lead to help them transform their ICT environment, including the transition to a number of new service providers, under a large program of change.

As a provider of critical infrastructure, the Client is focused on the opportunity that the program would provide the Enterprise Security Architect to harness the features of these environments to define and build best-in-class cyber capabilities.

The Role

Reporting to the Cyber GRC Lead, the Program GRC Lead will be responsible for:

  • Ensuring the program and associated projects understand and correctly apply the Client's cyber risk management framework and secure system delivery lifecycle (SSDLC).
  • Ensuring that cyber risk and assurance program activities are planned for and undertaken.
  • Validating that security artefacts and records delivered under the program are fit for purpose and complete.
  • Continual improvement of existing GRC templates and materials in the light of feedback and experience.
  • Development of new GRC templates and materials as required.
  • Coaching, mentoring, and collaborating with the Nova program and individual projects to lift the overall GRC knowledge within the program and wider GRC team.
  • Conducting security risk assessments of current and proposed practices and systems.
  • Assessing, evaluating and making recommendations on the adequacy of the security controls and compliance with policies and standards.
  • Maintaining a working knowledge of industry compliance standards such as ISO27001/2, Australian Privacy Act, Security of Critical Infrastructure Act, PCI-DSS.

Qualifications and Experience

The successful applicant will bring:

  • 10+ years of experience in ICT including 5+ years in security governance functions.
  • Proficiency in security frameworks and standards (e.g., ISO 27001, ACSC Essential 8, ISM), especially the NIST-CSF.
  • Relevant Security Certifications (CISSP, CISA, CISM, ISO Lead Auditor etc.).
  • Tertiary qualification in Information Systems, Computer Science, Security or a related discipline preferred.
  • Excellent communication and collaboration skills.

This is a full-time contract role for 16 months with a 6-month option to extend. The location of work is in Canberra, ACT. Hybrid work arrangements can be negotiated with the Client; however, the chosen resource will still be expected to attend on site on a weekly basis.

Apply now for immediate consideration - call Maria Lastierre at 02 6245 1717 quoting Job Reference: #259240.

The closing date for this role is on Thursday, 30 November, 2023.

Please note: Only candidates that meet the above criteria will be contacted. Thank you for your interest in the position.

Diversity and inclusion are strongly supported at Peoplebank. People of all nationalities, gender identities, and cultural backgrounds, including Aboriginal and Torres Strait Islander Peoples, are encouraged to apply.