Address
Form of workA new permanent opportunity available for an experienced GRC Analyst who comes with hands-on experience working with industry leading GRC tools...
To kick off the new year in 2024, we have a rewarding new permanent opportunity available for a Governance, Risk, and Compliance Analyst (GRC & SOX Analyst), to join a supportive and growing technology team based in Sydney, New South Wales.This is a mid-senior level position, and the GRC Analyst will have hybrid working conditions on offer, ideally with work onsite for 2-3 days a week, collaborating with an internal team of passionate technology enthusiasts, and this new hire will be reporting directly the Technology Operations Manager.
In this role, you’ll be responsible for day-to-day responsibilities, including:
- Overseeing and managing the risks associated with third-party vendors and suppliers.
- Updating and maintaining policy documentation across all Business Units.
- Participate in and support the implementation of SOX compliance and frameworks.
- Support the Corporate IT Operations function to manage risk and compliance processes, establish and enhance compliance frameworks and support policy frameworks to adhere to regulatory requirements.
- Leading the third-party vendor management program to identify and manage risks posed by third parties that the company works with.
- Maintaining and updating risk registers.
- Developing Enterprise risk dashboards and working on threat and risk assessments.
- Reporting key risks to Executive management.
- Promoting risk ownership across the organisation and business units.
- Collaborating with cross-functional teams to facilitate enterprise risk management, identify and analyse risks, develop risk mitigation strategies.
- Work with the internal GRC tools & platforms to continuously improve processes and implement and manage governance frameworks.
- Conducting information security audits, assessments, and reviews to ensure compliance with internal policies, standards, and external industry regulations.
- Developing and managing the cyber security awareness training program and identifying areas for improvement.
- Ensuring 100% compliance with safety regulations and promptly reporting potential breaches for corrective action.
- Hands-on experience in the field of Governance, Risk and Compliance, across Information and Cyber Security disciplines.
- Commercial experience working in Governance, Risk, and Compliance, with a primary focus on governance & compliance.
- Possess experience and exposure to SOX compliance and frameworks.
- Possesses a genuine interest and passion for Cyber and Information Security.
- Self-motivated and capable of taking ownership of this function, as this will be a lean technology team that you’ll be joining which requires a good sense of ownership and autonomy.
- Ability to provide guidance and add value to the other the company’s business units by presenting scenarios and influencing team members.
- Familiarity with key risk frameworks such as NIST, ACSC, ISO27001, PCI, ASD Essential Eight, SOCI etc.
- Understanding of the role of key audit reports, such as PCI and ISO27001.
- Previous experience working as a GRC Analyst or GRC Business Analyst with a compliance focus.
- Sound knowledge of information security tools and technologies, such as firewalls, antivirus, encryption, SIEM, vulnerability scanners, etc.
- Industry qualifications will be considered as additional advantage for your application (e.g., CISSP, CISM, CISA, ISO 27001 Auditor/Implementer, IRAP).
Please kindly note, that to be considered for this role, you must be located in Australia and possess full work rights.
