GRC Specialist

Division 5 is a boutique cyber security consultancy based in Brisbane, Queensland Australia. Our mission is to build world-class cyber security in Australia, and our vision is to be a global leader by revolutionising cyber security within Australia. To achieve this, we believe that it is vital we create a culture that encourages quality, integrity, respect, camaraderie, and technical excellence, while nurturing innovation and creativity within our employees. Our team is growing, and we are looking for a GRC Specialist to join our team.

We work closely with customers all around Australia to deliver high-quality cyber security services with a goal of safeguarding their businesses against the threats of a modern world. We deliver a holistic approach to cyber security through three key service areas – assurance, defence, and strategy. 

With our history working with Australian and global businesses, we understand that not all customer environments are the same. Our experience and exposure working with organisations of all sizes, from large local and state government agencies to small boutique businesses, means we can tailor our services to meet our customer’s needs. It can be hard to navigate the world of cyber security and determine what you do and do not need – we will continue to support our customers through these challenging times.

Division 5 is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. 

The role of GRC Specialist within Division 5 will be to deliver high quality cyber security strategy and Governance, Risk, and Compliance (GRC) engagements to a range of clients. These engagements include (but are not limited to) ISO 27001 gap assessments, Essential Eight assessments, risk assessments, development of security policy, security strategies and roadmaps, third-party assessments, threat models, tabletop exercises, ISMS implementation, and configuration reviews. The role will support senior GRC consultants to deliver engagements by preparing and participating in workshops, interviews, audits, and evidence reviews, and delivering engagement outputs such as documentation and reports according to Division 5 standards. 

The role is supported by the leadership of the Head of Strategy and is expected to deliver professional outcomes within the defined scope of the tasks and work packages assigned.

The following details a list of key accountabilities with respect to the role of GRC Specialist at Division 5:

• Delivery of security assessments in accordance with Division 5 methodologies.
• Development of strategies, artefacts, and plans for clients in accordance with industry-recognised standards and Division 5 methodologies.
• Working with clients and consultants to gather required information for engagements to start smoothly (Readiness of Engagement).
• Support senior GRC consultants as directed in the delivery of client engagements.
• Communicate cyber security concepts, principles, and risks to clients in business-friendly language.
• Take ownership of tasks and deliver them within the agreed schedule and to the expected quality.
• Build and maintain healthy relationships with key stakeholders, whether current or future customers, industry professionals, or other internal staff.
• Contribute to a positive workplace culture through personal commitment to Respect, Equity and Diversity principles as well as the Division 5 code of conduct.

• Effectively working across a breadth of clients, organisation types (public, private, not-for-profit), and industries.
• Communicating complex or technical cyber security risks and issues to non-technical audiences.
• Effectively working between multiple clients on different engagements to deliver defined tasks and work packages.
• Maintaining and developing familiarity with emerging issues that may impact or effect clients and the way that they should consider cyber security – such as evolving frameworks, regulation, technology trends, and geopolitical factors.

• Up to three paid volunteer days a year for your favourite cause.
• An annual training allowance to support learning and growth within the industry.
• Positive work culture driven by a young and energetic team with a strong focus on diversity and equality for all.
• Ability to salary package motor vehicles, portable electronics, and superannuation.
• Membership to industry bodies such as AISA, ISACA, and OWASP.
• Regular team events in addition to the social club activities.
• Fresh fruit, coffee, and a weekly laundry service.
• CBD based office very close to public transport.

Division 5 will consider the following capabilities across personal attributes, relationships, results, and business enabler categories. While all are relevant for this role, those in bold are focus capabilities:

• Displays resilience and courage
• Acts with integrity
• Values diversity and inclusion
• Communicates effectively
• Commitment to customer service and satisfaction
• Works collaboratively
• Ability to influence and negotiate
• Delivers quality results
• Ability to plan and prioritise
• Think and solve problems
• Demonstrates accountability

Further to the list above, the following specialised competencies are preferred:

• Strong understanding of technology concepts such as cloud computing, networking, endpoint management, and software development.
• Sound understanding of enterprise and cyber security risk management, as well as governance systems and practices, and audit and compliance processes.
• Sound understanding of governance, risk, and compliance within a cyber security context.
• Strong understanding of the fundamental information security frameworks such as ISO 27001, NIST CSF, Australian Government Information Security Manual, ACSC Essential Eight, PCI DSS etc.
• Sound understanding of threat intelligence and vulnerability management, including awareness of emerging threats, vulnerabilities, and attack vectors.
• Sound understanding of incident response and crisis management approaches and frameworks, and how to apply those in a scenario-driven exercise environment.
• Ability to develop and deliver security awareness programs for clients. Educating staff on security best practices, social engineering awareness, and safe online behaviour.
• Problem-solving and critical thinking skills with the ability to analyse complex issues and develop effective solutions.
• Well-developed professional writing skills.
• Strong interpersonal communication skills (written, in person, and virtual).
• Experience and willingness to leverage digital technologies to deliver engagements including Microsoft Teams, digital whiteboards, Microsoft Forms, digital survey tools etc.
• Strong ability to work autonomously as well as under direction, and deliver high quality work within the scope, schedule, and set and agreed expectations.