Senior Cyber Security Advisor

Senior Cyber Governance Risk and Compliance Advisor. Location: Sydney. Industry: Higher Education. Contract Length: ASAP through to 30/04/2026 initial term. An exciting opportunity has arisen for a Senior Cyber Governance Risk and Compliance Advisor to join a highly top University in Sydney, where your expertise will directly shape the future of cybersecurity across a complex and evolving environment.

As a Senior Cyber Governance Risk and Compliance Advisor based in Sydney, you will play an instrumental role in safeguarding the organisation's digital assets by driving the evolution of its cybersecurity posture. Your day-to-day responsibilities will see you partnering with key stakeholders across multiple departments to ensure that robust governance structures are not only designed but also fully integrated into every facet of business activity—from large-scale transformation programs down to routine operations. You will be responsible for developing policies aligned with leading industry frameworks while overseeing their practical application throughout the organisation. By coordinating risk assessments and tracking remediation efforts, you will provide clear insights into residual risks for executive decision-makers. Your ability to translate complex technical concepts into accessible recommendations will make you a valued advisor at all levels. Success in this role means fostering a culture where security is prioritised without compromising business agility or innovation.

• Lead the design, implementation, and continual improvement of comprehensive cybersecurity governance frameworks that align with organisational strategy as well as compliance obligations.
• Ensure that effective governance controls are embedded within all transformation program activities, individual projects, and business-as-usual operations to maintain consistent security standards.
• Develop, review, and maintain up-to-date security policies, standards, and procedures in accordance with recognised frameworks such as NIST CSF v2.0, Essential 8, and relevant regulations.
• Oversee the mapping of security controls to organisational risk appetite, regulatory requirements, and contractual commitments to ensure holistic coverage of all obligations.
• Drive the uplift of cyber risk management practices by conducting maturity assessments across the enterprise and recommending actionable improvements.
• Coordinate comprehensive cyber security risk assessments, track risk treatments through their lifecycle, and report on residual risks to senior stakeholders and governance forums.
• Act as a trusted advisor to external stakeholders, senior leaders, and project teams by providing expert guidance on cybersecurity risk management, governance strategies, and assurance processes.
• Collaborate effectively with cross-functional teams including IT, Legal, Risk Management, and Procurement to integrate security-by-design principles into technology projects from inception through delivery.
• Provide governance and assurance oversight for major cybersecurity transformation initiatives to ensure alignment with strategic objectives while adhering to budget constraints.
• Monitor project deliverables closely to confirm that security architecture components, operational processes, and technical controls are implemented according to agreed-upon standards.

To excel as a Senior Cyber Governance Risk and Compliance Advisor you will bring substantial experience gained within complex organisations where you have been responsible for designing or enhancing cybersecurity governance structures. Your background should include hands-on involvement with industry-standard frameworks alongside proven capability in interpreting regulatory requirements for practical implementation. You will have demonstrated your ability to coordinate risk assessment activities end-to-end—tracking issues through resolution while communicating progress clearly at all levels. Your interpersonal skills will enable you to build trust-based relationships across technical teams as well as executive leadership groups. A keen eye for detail combined with an analytical approach ensures you can identify vulnerabilities early while proposing pragmatic solutions that balance operational needs against compliance imperatives. Formal qualifications underpin your expertise while professional certifications further validate your commitment to best practice.

• Deep understanding of leading cybersecurity frameworks and standards including NIST CSF v2.0, Essential 8, ISO 27001, SOCI Act requirements, and NSW Data Classification Scheme.
• Proven ability to interpret regulatory mandates as well as contractual compliance obligations and translate them into actionable security controls tailored for diverse environments.
• Extensive experience in cyber risk management encompassing maturity assessments as well as successful delivery of uplift programs across large enterprises.
• Familiarity with enterprise-level security architectures covering endpoint protection strategies, identity and access management solutions, cloud security protocols, and incident response frameworks.
• Comprehensive understanding of modern transformation initiatives such as cloud adoption strategies, SaaS governance models, DevSecOps methodologies, and Zero Trust implementations.
• Demonstrated success in leading governance streams within major cybersecurity transformation programs while balancing competing priorities effectively.
• Skilled in engaging with stakeholders at all levels—building consensus through influence rather than authority—and negotiating outcomes that support both business goals and security needs.
• Exceptional written communication skills enabling you to craft board-level reports as well as detailed risk briefings suitable for non-technical audiences.
• Ability to distil complex technical information into clear insights that drive informed decision-making among senior leaders or project sponsors.
• Strong analytical mindset capable of assessing emerging threats quickly; identifying control gaps; proposing practical solutions; and adapting approaches based on evolving risks or technologies.
• Tertiary qualifications in Information Security Management or related fields are required; relevant certifications such as CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk & Information Systems Control), or ISO 27001 Lead Implementer/Auditor are highly desirable.

Aboriginal and Torres Strait Islander Peoples are encouraged to apply.

To apply please click apply or call Emma Crossing on +61 2 8289 3137 for a confidential discussion.

Location: Sydney CBD