StickmanCyber

Cyber Security Consultant

Australia · Full-time · Mid-Senior

Summary:

This is a client-facing role where you will deliver governance, risk, and compliance (GRC) engagements across a diverse set of industries. You will work directly with client stakeholders to strengthen cybersecurity posture, ensure regulatory alignment, and address key risk areas — with a particular focus on vendor risk management, security frameworks, and compliance programs.

This role is ideal for a professional with hands-on GRC consulting experience who is ready to manage projects, execute risk assessments, and contribute to account growth while working under the guidance of senior consultants and practice leaders.


Responsibilities:

Client Advisory & GRC Consulting

  • Support client-facing GRC engagements across industries including financial services, healthcare, critical infrastructure, and government.
  • Conduct vendor risk assessments, third-party security audits, and supply chain risk reviews within the agreed timeframes.
  • Provide regular reporting and status updates, coordinate with vendors, validate their responses, and ensure each risk assessment is brought to completion.
  • Assist in designing, and take ownership of implementing, governance frameworks aligned to ISO 27001, NIST CSF, the ACSC Essential Eight, and client-specific requirements.
  • Contribute to the development of cybersecurity roadmaps and risk mitigation strategies under senior consultant guidance.

Compliance & Risk Advisory

  • Deliver ISO 27001 gap assessments, internal audits, and implementation support.
  • Support financial services clients with compliance needs under APRA CPS 234 and related prudential standards.
  • Conduct compliance assessments against Australian regulatory requirements, including the Privacy Act 1988 and obligations under the Security of Critical Infrastructure Act 2018 (SOCI Act).
  • Assist with PCI DSS assessments and remediation programs (desirable, not mandatory).

Security Program Support

  • Support cloud security reviews across AWS and Azure environments.
  • Assist in developing risk registers, incident response plans, and continuity frameworks in line with client business objectives.
  • Prepare reports and presentations for executive stakeholders, clearly linking cyber risk insights to business outcomes.


Required Skills & Qualifications:

  • Bachelor’s degree in cybersecurity, information systems, or a related field (preferred).
  • 3–6 years of experience in cybersecurity, risk management, or compliance-focused consulting.
  • Strong experience conducting vendor risk assessments and supplier security reviews.
  • Practical knowledge of ISO 27001, NIST CSF, and Essential Eight frameworks.
  • Understanding of APRA CPS 234, Privacy Act, and SOCI Act requirements.
  • Ability to document and present clear, actionable recommendations to technical and non-technical stakeholders.
  • Excellent written and verbal communication skills for client-facing roles.


Certifications:

  • ISO 27001 Lead Auditor/Implementer (required)
  • CISA, CISM or CRISC (one preferred; not all required)
  • Cloud security certifications (advantageous)
  • PCI QSA or PCI DSS experience (advantageous)

Posted: Sep 17, 2025
Type: Full-time
Level: Mid-Senior
Location: Sydney
Industries: Computer Network Security
Categories: Information Technology
