We're on the lookout for a Security GRC Analyst to join a forward-thinking organisation committed to building a secure, ethical, and values-driven future. If you're ready to contribute to a maturing cybersecurity environment and thrive on collaboration, this role could be the perfect next step in your career.
$90-100k + super
What’s in it for you?
- Be part of a purpose-led organisation that values integrity, empathy, and long-term impact.
- Work in a role that makes a real difference, supporting the GRC function of a growing security team.
- Engage with diverse stakeholders across the business, giving you exposure to high-impact initiatives and strategic projects.
- Enjoy opportunities for ongoing learning and career development, including the chance to gain or expand industry certifications.
- Work in a collaborative and inclusive environment where your voice will be heard and your contributions valued.
Your responsibilities will include:
- Supporting the development and maintenance of the organisation’s information security framework in line with legal and regulatory standards.
- Assisting with compliance obligations including APRA CPS 234 and other relevant frameworks.
- Conducting risk assessments on third-party vendors and managing associated registers and reporting.
- Performing security control testing to ensure measures are both effective and aligned with internal policy.
- Helping to maintain the information security risk register and support remediation efforts following audits and assessments.
- Contributing to governance and compliance reporting across the cybersecurity function.
- Collaborating with internal stakeholders to raise awareness and guide secure practices throughout the business.
What you’ll bring to the role:
- Solid understanding of information security principles, practices, and emerging trends.
- Experience in information security risk, governance, compliance, or IT audit.
- Experience conducting control assurance, third-party risk assessments, and supporting security policy management.
- Familiarity with key security frameworks such as NIST CSF, ISO27001, or PCI DSS.
- An understanding of regulatory obligations within the financial services sector - especially APRA CPS 234 - will be highly regarded.
- Working towards or holding certs such as CISSP, CISM, CISA, or CEH is a plus.
- Posted: Aug 06, 2025
- Type: Full-time
- Level: Mid-Senior
- Location: Melbourne
- Company: weave. Recruitment