AddressAs an industry leading market research company, Roy Morgan has an exciting opportunity for an Information Security Risk & Compliance Analyst to join our Quality Systems division at our head office in Melbourne CBD. As part of a team that contributes to the management of Information Security you will be exposed to all facets of Information Security management including:
- physical, digital, operational and administrative security
- securing information from malicious attacks, unauthorised access, unusual extraction, unintended use, unexpected dissemination
- Information Security Risk management
- Information Security ISO accreditation and compliance
- internal and external security audits.
About Roy Morgan
Roy Morgan is Australia's most well-known and trusted market and social research company. Over the last 80 years, we have built a reputation for providing accurate, meaningful, insightful information to help our clients make better, more informed decisions. Our diverse portfolio includes research, data-driven insights, and digital solutions. At Roy Morgan we prioritise excellence. We are certified in ISO27011 Information Security Management System, AS/NZS ISO9001 Quality Management Systems and ISO20252 Market and Social Research and standards.Join us and you will experience a vibrant culture, work with a great team of professionals and be part of a passionate team!
About the Role
Join our expanding Quality team as an Information Security Risk and Compliance Analyst, ensuring the secure and efficient operation of our business processes. You will work within a framework that emphasises quality and security. You will be exposed to all facets of Information Security from identification and management of risks and threats, through reviewing security architectures to managing quality compliance and ISO accreditation.The focus of this role is an administrative and security management role requiring understanding ISO standards, government standards and legal requirements that dictate and guide how Roy Morgan should most effectively manage Information Security. These standards and requirements include ISO 27001, the Essential Eight, Defence Industry Security Program, Privacy and the handling of personal information.
This role is not a technical role requiring knowledge of how-to penetration test systems, hack systems or exploit vulnerabilities in systems, networks, and applications.
In this role you will:
- Identify, assess, prioritise and manage Information Security Risks and threats
- Maintain Information Security governance framework including periodic review of policies, ongoing updates to Compliance registers and administering Information Security Management Steering Committee
- Plan and execute assessments by external parties to evaluate the security posture of Roy Morgan systems, including client-initiated questionnaires and assessments
- Uphold adherence to organizational policies, maintaining exceptional quality and accreditation standards, and fostering strong service delivery and stakeholder engagement
- Handle security related incidents to root cause
- Monitor the environment for potential security issues and take appropriate action
- Plan and coordinate internal and external quality audits, including surveillance audits and ISO 27001 certification
- Evangelise best practice security, risk and compliance principles and support effective associated training across Roy Morgan's business functions
- Oversee security principles and tiered check lists for business suppliers and oversee security requirements for business clients.
Requirements for Success (the following are highly preferred but not essential):
- Genuine interest in Information/Cyber Security analysis and risk management
- Strong understanding and knowledge of Australian government security standards and frameworks (e.g., PSPF, ISM, ASD Essential Eight)
- Knowledge of risk management principles, particularly in Information Security Operations
- Strong written and oral communication skills for developing and maintaining company policies and educating staff
- Problem-solving skills with technical acumen for interpreting and implementing technical requirements
- Strong administration skills to ensure all documentation, systems, committees and escalation points run as smoothly as possible, coupled with a high level of proficiency in Office 365
- Excellent organisation skills and able to multitask, prioritise and manage conflicting deadlines
- Adaptable and comfortable working with change and in a fast-paced environment
- Any tertiary qualification or IT related Certificate IV
- Understanding and experience in ISO27001 and familiarity with Quality Assurance procedures and audit requirements (ideal, not essential)
Above all, we are seeking a motivated, collaborative individual and if you are ready to join us on this exciting journey, apply today! Join us as we strive to enhance our Information Security and quality systems and make a difference in the industry.
What We Offer
- Competitive salary package
- Discounted MYKI passes, and entertainment event tickets
- Flat organisational structure and access to senior staff
- Annual flu vaccine
- Company social events, including Friday night events
- Funded EAP for employees and their families
- Corporate discount for health insurance
Roy Morgan values diversity and is committed to building an inclusive workplace culture that reflects our community. We encourage diversity and recognise the enrichment diversity brings to our business and people - whether its diversity of skill, experience and/or background. We welcome applications from diverse backgrounds and community groups including Aboriginal and Torres Strait Islander peoples.
