About the Company & Culture:

We’re partnering with one of Australia’s fastest-growing boutique cyber security consultancies. They’re not a product reseller. Not sales-driven. Their focus is on pragmatic, no-agenda advisory - they listen first, which is why clients trust them and return.

The culture is built on authenticity, technical depth, and meaningful relationships. It’s a high-trust, low-ego environment where autonomy is valued, and results speak louder than hierarchy. With their FY28 business plan about to be finalised, this is a long-term growth journey with significant opportunities ahead.

The Role:

We’re hiring a Lead GRC Consultant ready to take their career to the next level, delivering meaningful vCISO and advisory engagements that help clients strengthen their security posture through practical, results-focused solutions.

Location: Canberra - 3 days in-office (client delivery is hands-on and high-touch).

What You’ll Be Doing

• Build strong relationships with clients and internal stakeholders.
• Lead customer workshops to capture business and cyber security requirements, informing maturity assessments, roadmaps, and strategies.
• Provide strategic cyber risk advice aligned to client's business goals.
• Work across multiple concurrent projects, often switching gears quickly between clients.
• Deliver pragmatic, clear, and actionable recommendations across governance, risk, and compliance.
• Write and refine policies, conduct maturity assessments, and design roadmaps.
• Apply strong capability across ISO 27001, NIST CSF, Essential Eight, ISM, and IRAP.

What We’re Looking For

• Proven consultancy experience, ideally from a boutique firm, with the ability to operate autonomously.
• Demonstrated experience developing and maintaining SSPs and SRMPs, particularly in government or regulated environments.
• Strong interpersonal skills - you listen to understand, not just to respond.
• Deep knowledge of cyber risk, security frameworks, and information security management principles.
• Technical understanding of applications, infrastructure, and the environments that deliver them.
• NV1 or NV2 clearance (or a pathway to this), particularly for federal work.
• Certifications such as SABSA, CISSP, CISM, or ISO 27001 Auditor are desired.

Why Join?

• Authentic culture: Built on trust, technical depth, and long-term client relationships.
• No micromanagement: You are trusted to deliver, leadership is there to guide, not to task-manage.
• High-performance environment: People who deliver will succeed and grow.
• Long-term vision: Be a part of the growth journey, not a short-term gig.
• Meaningful work: You’ll help clients improve their security posture in a practical, results-driven way.
• Attractive Salary Package: $170k-$250k package + bonus

If you’re a high-performing GRC consultant looking to build something meaningful (without the politics), let’s connect.

How to apply: Click apply or submit your CV to [email protected] for a 100% confidential, informal conversation where your privacy will absolutely be respected.

Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal-opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.