Cyber Security GRC Analyst

Description:

We have an exciting opportunity to join a motivated and dedicated team of cyber security professionals delivering a leading-edge capability for the environments our deployed military personnel rely on. This role offers the chance to apply your broad experience in a supportive team environment, explore new technologies in the cyber security space, and engage with highly skilled peers, partners, and military personnel.

As a Cyber Security GRC Analyst, you will provide cyber security subject matter expertise and guidance to stakeholders and the broader team. Your work will focus on the integration of governance, risk, and compliance (GRC) across various systems. This is a diverse role with broad scope that offers the opportunity to apply and further develop your skills while contributing to national security.

Key Responsibilities

  • Evaluate the effectiveness of security controls against the ISM, Essential Eight, Cyberworthiness, NIST, other approved frameworks, and standard designs.
  • Conduct security, gap, and compliance audits, providing detailed reporting and documentation.
  • Maintain, verify, and update accreditation documentation and compliance artefacts, including risk assessments and reports.
  • Apply cyber security governance, risk, and compliance principles and frameworks in day-to-day practice.
  • Prepare and manage compliance documentation such as risk registers, security plans, and audit results, and ensure accurate recordkeeping.

Qualifications & Experience

Alongside relevant education and/or practical experience, you will be a collaborative, outcomes-focused individual who is committed to meeting customer needs. You will bring:

  • Over 5 years’ experience in Cyber Security GRC, audit, risk, or compliance roles; experience working in Defence settings is highly regarded.
  • Demonstrated ability to produce high-quality security assessment documentation and manage compliance activities.
  • Sound knowledge of risk management frameworks such as ISO 31000, FAIR, OCTAVE, and the NIST RMF.
  • Industry-recognised certifications such as CRISC, CISM, CISA, CISSP, ISO 27001 or equivalent.
  • Strong communication and stakeholder engagement skills, with high attention to detail and well-developed organisational abilities.

Organization: Leidos
Industry: IT / Telecom / Software Jobs
Occupational Category: Cyber Security GRC Analyst
Job Location: Canberra, Australia
Shift Type: Morning
Job Type: Full Time
Gender: No Preference
Career Level: Experienced Professional
Experience: 5 Years
Posted at: 2025-05-26 4:23 pm
Expires on: 2025-08-16