About the Company & Culture: We’re partnering with one of Australia’s fastest-growing boutique cyber security consultancies. They’re not a product reseller. Not sales-driven. Their focus is on pragmatic, no-agenda advisory - they listen first, which is why clients trust them and return.
The culture is built on authenticity, technical depth, and meaningful relationships. It’s a high-trust, low-ego environment where autonomy is valued, and results speak louder than hierarchy. With their FY28 business plan about to be finalised, this is a long-term growth journey with significant opportunities ahead.
The Role: We’re hiring a Lead GRC Consultant ready to take their career to the next level, delivering meaningful vCISO and advisory engagements that help clients strengthen their security posture through practical, results-focused solutions.
Location: Canberra - 3 days in-office (client delivery is hands-on and high-touch).
What You’ll Be Doing
- Build strong relationships with clients and internal stakeholders.
- Lead customer workshops to capture business and cyber security requirements, informing maturity assessments, roadmaps, and strategies.
- Provide strategic cyber risk advice aligned to each client's business goals.
- Work across multiple concurrent projects, often switching gears quickly between clients.
- Deliver pragmatic, clear, and actionable recommendations across governance, risk, and compliance.
- Write and refine policies, conduct maturity assessments, and design roadmaps.
- Apply strong capability across ISO 27001, NIST CSF, Essential Eight, ISM, and IRAP.
What We’re Looking For
- Proven consultancy experience, ideally from a boutique firm, with the ability to operate autonomously.
- Demonstrated experience developing and maintaining System Security Plans (SSPs) and Security Risk Management Plans (SRMPs), particularly in government or regulated environments.
- Strong interpersonal skills - you listen to understand, not just to respond.
- Deep knowledge of cyber risk, security frameworks, and information security management principles.
- Technical understanding of applications, infrastructure, and the environments that deliver them.
- NV1 or NV2 clearance (or eligibility to obtain one), particularly for federal work.
- Certifications such as SABSA, CISSP, CISM, or ISO 27001 Auditor are desired.
Why Join?
- Authentic culture: Built on trust, technical depth, and long-term client relationships.
- No micromanagement: You are trusted to deliver, leadership is there to guide, not to task-manage.
- High-performance environment: People who deliver will succeed and grow.
- Long-term vision: Be a part of the growth journey, not a short-term gig.
- Meaningful work: You’ll help clients improve their security posture in a practical, results-driven way.
- Attractive Salary Package: $180k-$250k package + bonus
If you’re a high-performing senior GRC consultant looking to build something meaningful (without the politics), let’s connect.
How to apply: Click apply or submit your CV to jasmine@decipherbureau.com for a 100% confidential, informal conversation where your privacy will absolutely be respected.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal-opportunity employers. All qualified applicants will be considered for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.