Cyber GRC Specialist (Melbourne)

About the role

We are looking for a Cyber GRC Specialist to join a leading Australian digital enterprise undergoing a multi-year platform modernisation. The role will drive the assurance engine for cyber governance, risk and compliance across a growing risk surface, supporting AI initiatives and new architecture.

Key responsibilities

• Execute a risk-based controls assurance plan aligned with NIST CSF v2, evaluating design and operating effectiveness of systems, applications, processes and IT General Controls.
• Manage the full lifecycle of deficiencies: log, assess risk, coordinate remediation, and close or obtain risk acceptance.
• Collaborate with geographically dispersed teams on security reviews for new vendors and support external certifications.
• Contribute to security awareness programmes and help automate assurance tooling to increase coverage and reduce manual effort.
• Provide clear communication of findings to technical and non-technical stakeholders, including senior leadership.

Required profile

• 4+ years of experience in cyber GRC, controls assurance, advisory or audit roles, preferably within a Big 4, consultancy or internal audit function.
• Demonstrated ability to assess controls, document evidence and distinguish between well-designed and effectively operating controls.
• Australian permanent residency or citizenship.
• Proven track record of managing multiple workstreams and proactively identifying risks.

Required skills

• Strong knowledge of NIST Cybersecurity Framework (CSF) v2.
• Experience with ISO 27001, PCI-DSS and exposure to COBIT.
• Understanding of IT General Controls and vendor risk management.

What we offer

• Permanent full-time position with a salary of AUD 130-155k incl. super plus bonus.
• Hybrid work model (office in Melbourne CBD and remote).
• Opportunity to work on a high-impact modernisation programme within a fast-moving tech-led environment.