About the Company

• Part of a large, ASX-listed organisation with a strong national footprint.
• Significant investment in cyber and risk functions.
• Operates across multiple business units, giving you exposure to complex, enterprise-scale environments.

About the Role

This is a broad, hands-on role where you'll own key elements of the GRC function across multiple business units - from third-party risk and policy management through to risk reporting and security awareness uplift. You'll be working closely with senior stakeholders across technology, legal, and business teams, giving you strong visibility and influence across the organisation.

About You

• 5+ years in information security, with at least 2+ years in a GRC-focused role.
• Strong understanding of frameworks such as NIST, ISO 27001, ACSC, PCI DSS.
• Experience managing third-party/vendor risk programs.
• Background in risk assessments, audits, and compliance reporting.
• Ability to engage and influence stakeholders across technical and non-technical teams.
• Relevant certifications (CISSP, CISM, CISA, ISO 27001) highly regarded.

Key Accountabilities

• Lead and evolve the third-party risk management program, including vendor onboarding and ongoing reviews.
• Manage and maintain risk registers, dashboards, and executive-level reporting.
• Oversee policy development, compliance frameworks, and control assurance activities.
• Drive cyber security awareness initiatives across the business.
• Support audits and ensure alignment with regulatory and industry standards.

Benefits

• High-impact role with ownership across multiple business units.
• Strong exposure to senior stakeholders, including exec-level reporting.
• Backed by a well-funded cyber function with clear growth plans.