Role Overview
We are seeking a Cyber Security Governance Specialist to strengthen our group company's cyber-security frameworks and risk posture. In this role, you will collaborate with internal teams and guide stakeholders on key security standards and frameworks, including:
- ISO/IEC 27001
- NIST Cybersecurity Framework (CSF) & NIST SP 800 series
- PCI-DSS
Your work will ensure that governance, risk, and compliance (GRC) principles are embedded into business operations, enabling the company to maintain resilience, compliance, and trust.
Key Responsibilities
1. Assess & Benchmark
- Conduct cyber-risk and control-maturity assessments (NIST CSF, ISO 27001, Essential Eight, proprietary models).
- Translate technical findings into executive-level insights and actionable roadmaps.
2. Programme Design & Delivery
- Build and embed cyber-risk programmes: risk registers, treatment plans, dashboards.
- Develop policies, standards, and procedures that are both compliant and practical for engineers.
3. Governance & Compliance
- Own and maintain the GRC framework and policy stack; embed the three lines of defence.
- Guide stakeholders through audits and regulatory reviews (e.g., APRA CPS 234, SOC 2).
- Monitor regulatory changes and advise business stakeholders on the impact of each change within 30 days.
4. Strategic Advisory
- Develop multi-year cyber-security and risk strategies aligned to corporate OKRs.
- Present risk posture, KPI/KRI trends, and investment options to boards and regulators.
5. Leadership & Coaching
- Mentor junior GRC analysts and upskill cross-functional teams on secure-by-design and offensive-security principles.
- Foster a culture of continuous improvement and measurable risk reduction.
Qualifications & Experience
Essential
- 3+ years in cyber-security, technology risk, or security consulting.
- Hands-on delivery of ISO 27001 and PCI-DSS certification projects.
- Experience guiding senior stakeholders through NIST CSF or equivalent reviews.
- Working knowledge of offensive-security methodologies to inform strategic risk decisions.
- Strong experience building risk registers, executive dashboards, and board reports.
Preferred / Nice-to-Have
- Master's degree in Cybersecurity, Risk, or Business, or an MBA.
- Professional certifications: CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor.
- Exposure to AI governance and data ethics (e.g., NIST AI RMF).
- Prior line-management of GRC, security architecture, or penetration testing teams.