This position is no longer open for applications

IT Compliance and Assurance Officer

IT Compliance and Assurance Officer (BBBH7880) Melbourne CBD, Melbourne, Australia

  • Leading Australian Financial Services firm based in Melbourne
  • Report directly to CISO, own and drive IT Compliance and Risk
  • 3 days in the office, $150k + Super, proven stakeholder management skills



You’ll be the sole IT Risk & Compliance owner in a strong, growing Financial Services security team, reporting to the CISO. This exclusive Melbourne-based role leads external audit engagements, coordinates internal audit activity and owns evidence, governance artefacts and remediation tracking end-to-end.

You’ll design and improve IT control frameworks, present to senior stakeholders, support control testing and RCSAs, and lift control maturity across cloud and on-prem estates. SOCx experience preferred but not essential. Exceptional presentation and communication skills required.


About the role

  • Own IT Risk & Compliance for the business - single point of accountability for IT controls, risk registers and compliance artefacts.
  • Manage and coordinate external auditors and audit deliverables; collaborate closely with internal auditors and business stakeholders.
  • Gather, validate and present audit evidence; maintain governance documents, policies and control libraries.
  • Track audit findings and remediation; provide clear status reporting and dashboards to the CISO and senior stakeholders.
  • Support control testing, RCSAs and assurance activities; contribute to continuous improvement of IT control maturity.
  • SOCx experience preferred but not essential; hands-on understanding of ITGCs and cloud/SaaS controls advantageous.

 

About you

  • Demonstrated experience in IT governance, risk and compliance - ideally in Financial Services or another regulated environment.
  • Comfortable managing external audit engagements and briefing senior stakeholders; exceptional presentation and communication skills.
  • Strong attention to detail, highly organised and experienced in evidence collection, documentation and artefact management.
  • Good working knowledge of control frameworks (SOC/ISO27001/NIST/COBIT) and IT general controls (access, change, backup).
  • Proven ability to lift control maturity, influence technical and non-technical teams and drive remediation to closure.
  • Tertiary qualification in IT, Cybersecurity, Risk or related discipline preferred.



If you are based in Melbourne, committed to 3 days in the office, and have Australian PR or Citizenship, please apply now.