Cybersecurity Compliance Specialist

Are you motivated by work that has real-world impact? This is a rare opportunity to step into an cyber security role within a values-driven not-for-profit, where your expertise will help protect critical systems that support thousands of people across the community.

You'll play a pivotal part in maintaining and continuously improving the organisation’s Information Security Management System (ISMS), ensuring alignment with ISO27001:2022, ISM and Essential 8. You will work closely with ICT, security and business stakeholders to uplift security maturity, strengthen governance, and support audit readiness across the enterprise.

What You’ll Be Doing:

• Maintain and continuously improve the ISMS manual and plan, ensuring alignment with ISO27001:2022, ISM and Essential 8.
• Coordinate ISMS activities to support annual audits, certifications and DEWR Right Fit for Risk requirements.
• Conduct information security risk assessments and recommend practical mitigation strategies.
• Monitor, review and implement quarterly ISM control updates to maintain required maturity levels.
• Partner with ICT and business teams to embed ISMS requirements into security initiatives and projects.
• Translate complex technical controls into clear, plain-English guidance for non-technical stakeholders.
• Produce high-quality governance artefacts, reports and audit documentation.
• Collaborate with auditors and external vendors to ensure smooth and successful audit outcomes.
• Provide coaching and guidance to stakeholders on ISMS processes and compliance obligations.

What You’ll Bring:

• Tertiary qualification in Information Technology, Information Security, or a related discipline.
• Strong working knowledge of ISO27001:2022, ISM and Essential 8 frameworks.
• Professional certifications such as GRCP, CRISC, CISA, CISM or CISSP (highly regarded).
• Minimum 3 years’ experience advising on information security risk and controls.
• Proven experience engaging and influencing senior stakeholders.
• Excellent written communication skills, with the ability to produce clear, concise and high-quality documentation.
• Experience using GRC platforms (6clicks or similar preferred).

Why Apply?

• Work in a purpose-driven not-for-profit organisation making a genuine difference to the community.
• Influence enterprise-wide security strategy and governance outcomes.
• Hybrid working arrangements and strong flexibility.
• Competitive salary package and long-term career development opportunities.

If you're looking to combine meaningful work with a challenging and rewarding security role, we’d love to hear from you.