Security GRC Analyst

We're on the lookout for a Security GRC Analyst to join a forward-thinking organisation committed to building a secure future in a global setting. If you're ready to contribute to a maturing cybersecurity environment and thrive on collaboration, this role could be the perfect next step in your career.

• $110-120k + super (negotiable)
• Can be remote, has to be in Australia. Preference for Melbourne
• NIST, ISO 27K, PCI-DSS

What’s in it for you?

• Be part of a purpose-led organisation that values integrity, empathy, and long-term impact.
• Work in a role that makes a real difference, supporting the GRC function of a growing security team.
• Engage with diverse stakeholders across a global business, giving you exposure to high-impact initiatives and strategic projects.
• Enjoy opportunities for ongoing learning and career development, including the chance to gain or expand industry certifications.
• Work in a collaborative and inclusive environment where your voice will be heard and your contributions valued.

Your responsibilities will include:

• Maintaining our compliance programs including PCI-DSS, ISO 27001 / 31000, NIST CSF etc.
• Supporting the development and maintenance of the organisation’s information security framework in line with legal and regulatory standards.
• Conducting risk assessments on third-party vendors and managing associated registers and reporting.
• Performing security control testing to ensure measures are both effective and aligned with internal policy.
• Helping to maintain the information security risk register and support remediation efforts following audits and assessments.
• Contributing to governance and compliance reporting across the cybersecurity function.
• Collaborating with internal stakeholders to raise awareness and guide secure practices throughout the business.

What you’ll bring to the role:

• Solid understanding of information security principles, practices, and emerging trends.
• Experience in information security risk, governance, compliance, or IT audit.
• Experience conducting control assurance, third-party risk assessments, and supporting security policy management.
• Familiarity with key security frameworks such as NIST CSF, ISO27001, or PCI DSS.
• Working towards or holding certs such as CISSP, CISM, CISA, CEH, CISA, CRISC, ISO Lead Auditor/Implementer is an added bonus.