Cyber Security Risk Analyst

About This Role Location CFA HQ Burwood Full Time Fixed Term to 30/06/2026 PTA 5 $107,864 - $121,276 pa (plus 12% superannuation) Do you want to work for a values-based, emergency service organisation that puts the community at the centre of everything we do?We are proud of the work we do in protecting lives and property, 24 hours a day, 7 days a week.

With over 51,000 volunteers CFA strives to be an organisation of choice for volunteers and employees.

We, embrace individuals with diverse skills, experiences, and backgrounds, recognising the unique value they bring to CFA.

To learn more about the Country Fire Authority (CFA), we invite you to visit our About Us page.

About The Role Join CFA's Cyber Security team and help safeguard one of Victoria's most trusted emergency services organisations.

We're seeking a Cyber Security Risk Analyst to lead a key project focused on strengthening CFA's cyber security governance, risk and compliance (GRC) capability.

In this project focussed role, you will drive the uplift of CFA's cyber security policies, risk frameworks and compliance practices to ensure a secure, resilient digital environment.

You'll lead the implementation of GRC frameworks, particularly through Microsoft Purview, ensuring alignment with the Victorian Protective Data Security Standards (VPDSS) and ACSC's Information Security Manual (ISM).

Responsibilities include developing and maintaining policies for identity access management (IAM), data classification and access control; producing risk and compliance reports; assessing third-party risks via Up Guard; and supporting business impact assessments (BIA), business continuity planning (BCP) and disaster recovery planning (DRP).

You will deliver training and awareness initiatives to build a strong security culture across CFA.

To succeed, you will bring proven experience with GRC frameworks, strong knowledge of cyber security standards, practical IAM expertise and the ability to engage effectively with both technical and non-technical stakeholders.

Be part of something bigger, work with purpose to protect the digital backbone of a critical emergency service.

About You Our ideal candidate will be able to demonstrate the following: Tertiary qualifications in Information Technology, Cybersecurity, Law, Business Administration, or a related field, and familiarity with frameworks such as MITRE ATT&CK, OWASP Top Ten, and NIST Cybersecurity Framework is preferred.

Proven track record of supporting Business Impact Analyses, developing Business Continuity Plans, and Disaster Recovery Plans.

Previous experience in a GRC-focused role within an IT or cybersecurity context, with demonstrated success in developing and implementing GRC frameworks and compliance strategies.

Strong skills in writing clear, actionable, and comprehensive security policies, particularly those focusing on identity management.

Highly developed skills in written communication, inter-personal interactions, and an ability to develop effective relationships and influence key stakeholders.

Why choose CFAMeaningful Purpose: Your contribution truly makes a difference Work-Life Balance: Paid parental leave, generous leave provisions Growth Opportunities: Learning and development Flexibility: Hybrid work options with flexible work arrangements Discounts: Emergency Memberlink discounts on various services Wellbeing Focus: Healthy for Life programs, flu vaccinations Member Assistance Program: Access support across 8 service pathways Your Application Click the 'apply' button to access our online application form.

Here you will be asked to provide personal and contact details and respond to employment-related questions.

When applying for a position with CFA, please submit a cover letter and resume that demonstrates your qualifications, experience, key attributes and skills required for the position.

Pre-employment Checks Offers of employment will only be made to candidates who: Successfully complete Reference Checks, a National Police History Check, Working Rights Check and hold a valid Working with Children Check.

CFA is committed to creating and maintaining a diverse, inclusive, and safe volunteer and work environment.

Our aim is to have a volunteer and paid workforce that reflects the community it serves.

First Nations people, women, people of all ages, with disabilities and culturally and linguistically diverse people are encouraged to apply.

Applications close: 11:59pm 22nd July 2025 If at any stage of the recruitment and selection process you require an alternative format to the application material or reasonable adjustment to the interview arrangements, please don't hesitate to contact the person listed on the ad or alternatively, email recruitment@cfa.vic.gov.au The Country Fire Authority (CFA) values your privacy.

We will use the information you provide when you are applying for employment with us for the purpose of recruitment, selection, evaluation and appointment and to report on anonymised key metrics (e.g.

diversity).

The information we collect will be handled in accordance with privacy laws, including the Privacy and Data Protection Act 2014.

You can view our Privacy Statement here.

For access and correction of the information we have collected, contact recruitment@cfa.vic.gov.au

---