Senior GRC Analyst (BBBH7571) Melbourne CBD, Melbourne, Australia

  • Newly created Sr GRC Analyst role, Melbourne CBD, Hybrid
  • Work closely with CISO, broad exposure, growing environment
  • Pathway to become a manager and lead a small team

 

Our client is seeking a Senior GRC Analyst to lead governance, risk, and compliance across the organisation. The role ensures policies and controls align with ISO 27001, ISM, and broader regulatory requirements such as PSPF, SOCI, and the Privacy Act. You’ll oversee risk management, compliance, and resilience planning.

 

About the Role

  • Develop and maintain ISO 27001/ISM-aligned policies, ISMS, and security frameworks.
  • Lead risk assessments, vendor reviews, and ongoing risk register management.
  • Ensure compliance with regulatory, legal, and contractual obligations (e.g. PSPF, SOCI).
  • Support certifications, IRAP assessments, and internal/external audits.
  • Strengthen security posture through incident response and continuity planning.

 

About You

  • 4+ years’ experience in GRC or cybersecurity roles across enterprise or regulated environments.
  • Strong knowledge of ISO 27001, ISM, and PSPF frameworks.
  • Skilled in risk management, compliance oversight, and stakeholder engagement.
  • Relevant certifications (CISM, CRISC, ISO 27001 Lead Auditor/Implementer).
  • Proactive professional with excellent communication and a focus on building security culture.

 

If you’re ready to take the next step in your GRC career and contribute to a high-impact role, apply today with your CV. For the right candidate, there is also a clear pathway to transition into a Manager role within 24 months.
