Senior Cyber GRC Specialist

Location: Canberra
Discipline: Cyber & IT Security
Job type: Full Time
Salary: AU$120 - AU$140 per annum
Contact name: Lisa Whitehorn

Contact email: lisaw@thenetworkit.com
Job ref: BBBH10205_1763676394
Published: about 4 hours ago
Start date: ASAP

The department is seeking to engage an experienced Cyber Security Governance, Risk, and Compliance (GRC) Officer to strengthen its cybersecurity posture and risk management capability. The Cyber Security GRC Officer will be responsible for ensuring that the Departmental cybersecurity framework aligns with relevant industry standards, regulatory requirements, and internal governance objectives. This role will oversee the implementation and monitoring of cybersecurity controls, support compliance initiatives, and ensure effective risk management across systems, data, and operations.

In addition to core GRC responsibilities, the Officer will also be required to conduct or participate in travel-related cyber risk assessments, deliver tailored cybersecurity awareness briefings, and provide practical guidance to staff and executives traveling domestically or internationally.

The successful candidate needs to be able to:

  • Conduct comprehensive risk assessments of new and existing systems and applications.
  • Perform security and risk assessments on business applications, including cloud-based and on-premises solutions.
  • Ensure applications comply with internal security policies and standards, and with external regulations.
  • Demonstrate a strong understanding of Australian Government security frameworks (e.g., ISM, PSPF).
  • Assess risks associated with solution delivery, including software development lifecycle, project management, and deployment practices.
  • Develop and present risk assessment reports to senior management and relevant stakeholders.
  • Communicate risks in clear business language, linking technical issues to operational and strategic impacts.
  • Contribute to the development and improvement of internal risk assessment processes.
  • Exposure to travel security or cyber risk advisory for personnel working in high-risk or international environments is an advantage.
  • Excellent presentation and communication skills - able to brief executives, staff, and technical teams effectively.
  • Skilled in preparing security awareness materials, risk briefings, and incident reports.
  • Able to deliver concise and actionable briefings before travel or deployments to high-risk areas.

Key duties and responsibilities

The applicant will have the following duties and responsibilities:

  • Aligning security expectations with the ISM, PSPF, Essential 8, and other industry best practices.
  • Knowledge of ISO 27001, NIST, PCI DSS, Essential Eight, VPDSS.
  • Supporting IRAP preparation activities and ensuring accurate documentation.
  • Assisting in the management and implementation of IT security strategies.
  • Managing cyber risk to support secure departmental systems and services.
  • Building and maintaining relationships with key stakeholders to ensure compliance with Australian Government Security Standards.
  • Contributing to the planned migration of services to the cloud.
  • Providing cybersecurity advice to a broad range of stakeholders.
  • Conducting security and quality assurance reviews and IRAP gap analysis.
  • Completing technical reviews and endorsements of technical solution designs.
  • Assisting in identifying opportunities to improve the security posture of the department's network and information.
  • Raising awareness of information security issues with system owners and departmental staff.
  • Exposure to travel security or cyber risk advisory for personnel working in high-risk or international environments.

Technical skills

Certifications such as ASD-certified IRAP Assessor, CISSP, CISM, or ISO 27001 Auditor are desirable.

Essential criteria

1. Demonstrated experience in authoring ICT system authorisation documentation including but not limited to: Security Risk Management Plans (SRMPs), System Security Plans (SSPs), Authority to Operate Minutes and Standard Operating Procedures (SOPs).

2. Exposure to travel security or cyber risk advisory for personnel working in high-risk or international environments; in-depth knowledge of Australian Government cyber security standards, such as the Protective Security Policy Framework (PSPF) and the Information Security Manual (ISM); and the ability to tailor briefings to the audience, including senior officials and operational staff.

3. Supporting and contributing to IRAP preparation activities and gap analysis, and ensuring accurate documentation in the management and implementation of IT security strategies. Completing technical reviews and endorsements of technical solution designs, and identifying opportunities to improve the security posture of the department's network and information.