Let’s Set the Scene… Well known Aussie digital business. Fast-moving, tech-led, operating at serious scale, and in the middle of a major multi-year modernisation program. New architecture, growing risk surface. Cyber GRC is embedded in that work, not watching from the sidelines.
These guys have been on a deliberate maturity journey for several years now. Controls assurance, NIST alignment, ISO 27001, vendor risk, security awareness, the works. They've acknowledged where the gaps were and are actually doing something about it. AI is in the mix, the program is accelerating, and they need someone to help run the assurance engine properly.
What Can You Expect?
- Permanent, full-time gig.
- AUD$130-$155k inc. super, plus a bonus.
- Hybrid WFH / in-office setup, Melbourne CBD.
- Start ASAP, role's approved and ready to go.
What You'll Be Doing: You'll be executing a risk-based controls assurance plan aligned to NIST CSF v2, assessing control design and operating effectiveness across systems, applications, processes and IT General Controls. Deficiency management end-to-end: log it, assess the risk, drive remediation, close it out or get to a risk acceptance.
You'll also be collaborating with geographically diverse teams on cyber security reviews for new vendors, contributing to security awareness activity, and supporting external certifications. The team is leaning into automated assurance tooling to lift coverage and reduce manual effort. This is an environment that's thinking ahead, not just maintaining what exists.
What Will Land You an Interview?
- 4+ years in cyber GRC, controls assurance, or a related advisory or audit role.
- Big 4, advisory, or internal audit background. You’ll know how to assess controls and document evidence properly.
- Solid working knowledge of NIST CSF. ISO 27001, COBIT or PCI-DSS exposure is a bonus.
- You can tell the difference between a well-designed control and one that's actually operating effectively. You've had to make that call and defend it.
- Clear communicator across technical and non-technical audiences.
- Aussie PR or citizenship. No exceptions.
Want to throw your hat in the ring?
- You've worked inside a structured assurance or risk program, not just helped design one on paper.
- You can manage multiple workstreams without dropping the ball.
- You don't wait to be told what the risk is. You go find it.
- You can hold a room with senior stakeholders and bring non-technical people on the journey.
How to apply… Your application is completely confidential. Only you and I will know. Want to chat about what you’re looking for? Reach out anytime.
Click APPLY or email me directly at mpearman@decipherbureau.com for an informal, 100% confidential conversation.
We’re committed to diversity and inclusion. All qualified applicants will be considered fairly, regardless of race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.