Senior Cyber Risk & Assurance Specialist. New GRC Leadership Role. Growing GRC Team.
Permanent | Melbourne | Hybrid Flexibility
The Company
We’re partnering with a major Australian critical infrastructure organisation that has a significant cyber uplift underway. With strong executive backing, the business is investing heavily in maturing its cyber risk, assurance, and resilience capability across both IT and OT environments.
This is a rare opportunity to join a highly visible cyber function during a genuine transformation phase - helping shape the future state of cyber governance within a complex, operationally critical environment.
The Role
This is not a traditional GRC role. We’re looking for a senior cyber practitioner who is technically grounded and has evolved into a risk and assurance leader over time.
You’ll operate as the 2IC to the GRC Manager, working as a principal-level individual contributor with the autonomy to lead workstreams, challenge stakeholders, and build mature cyber risk capability across the organisation.
You will get the opportunity to bring in ideas, own outcomes, and independently drive enterprise uplift initiatives without heavy direction. This role is ideal for someone who understands cyber controls deeply, can validate real effectiveness, and knows how to navigate both IT and OT risk in critical environments.
Key Responsibilities:
- Lead the implementation and operationalisation of the cyber risk management framework, ensuring risk methodologies are embedded into day-to-day technology activities.
- Own and continuously uplift the cyber risk register, ensuring risks are accurately assessed, rated, and linked to control posture and business impact.
- Evaluate cyber security control posture across key domains, identifying where control weaknesses materially impact risk exposure, resilience, and regulatory obligations.
- Partner with infrastructure, application, architecture, and OT teams to validate control effectiveness and drive risk-based remediation priorities.
- Drive uplift of the cyber control library aligned to AESCSF, NIST CSF, Essential Eight, and internal policy requirements.
- Lead the update, rollout, and enterprise-wide implementation of cyber security policies, ensuring adoption across both IT and OT environments rather than documentation-only outcomes.
Experience Needed:
- 10+ years in cyber security, including 5+ years in GRC, cyber risk, or assurance.
- Deep understanding of control design and effectiveness testing.
- Experience in utilities, energy, or critical infrastructure highly regarded.
- Exposure to IT/OT convergence and operational risk environments.
- Strong working knowledge of NIST CSF, NIST 800-53, ISO 27001/27005, Essential Eight, and ideally AESCSF.
- Familiarity with SOCI obligations is advantageous.
- One or more certifications such as CISSP, CRISC, CISM, or CISA.
Why Join?
- Competitive salary package + bonus.
- High-impact role in a well-known, rapidly growing organisation.
- Genuine opportunity to build cyber capability, not maintain BAU.
- Executive visibility and influencing opportunity.
- Long-term GRC maturity journey with board sponsorship.
- Rare principal-level IC opportunity with leadership scope.
How to apply: Click apply or submit your CV to jasmine@decipherbureau.com or cwhyte@decipherbureau.com for a 100% confidential, informal conversation where your privacy will absolutely be respected.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal-opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.