Senior Cybersecurity GRC Consultant

4 weeks ago


Melbourne, Victoria, Australia | Triskele Labs Global Pty | Full time

Triskele Labs are one of the leading providers of cybersecurity services in Australia. We assist clients to reduce their risk of a cyber compromise through the delivery of risk-considered controls.

Triskele Labs are one of the last remaining boutiques in Australia. We are currently the largest CREST Registered Penetration Testing company in Melbourne and one of the only boutiques to run a 24x7x365 Security Operations Team completely onshore.

Are you passionate about helping organisations improve their cybersecurity in a practical, meaningful way? Triskele Labs is looking for a Senior GRC Consultant to lead client engagements focused on Governance, Risk and Compliance (GRC).

In this client-facing role, you'll work across a range of industries, delivering expert advice, conducting assessments, and supporting implementation of frameworks like CPS 234, NIST CSF, PCI DSS, and ISO 27001. A solid technical understanding of the controls behind these standards is essential.

You'll also guide project delivery, mentor team members, and contribute to the growth of our GRC practice. Acting as a trusted advisor to both technical teams and executives, you'll help bridge the gap between cybersecurity best practices and real-world business needs.

If you're looking for a role where your expertise is valued and your work has real impact, this could be a perfect fit.

Key Responsibilities
  • Lead GRC consulting projects (e.g., ISO 27001, NIST CSF, CPS 234, PCI DSS)
  • Develop and review cybersecurity policies, procedures, and controls
  • Perform risk assessments, maturity reviews, and roadmap development
  • Advise on control design and implementation
  • Conduct technical audits and third-party risk assessments
  • Prepare board-level reports and client-ready documentation
  • Mentor junior consultants and contribute to practice growth
  • Deliver client work on-site as needed
Experience & Skills
  • 5+ years in information security, 3+ in GRC consulting
  • Experience with ISO 27001, NIST CSF, CPS 234, PCI DSS
  • Background in technical roles (e.g., help desk, sysadmin)
  • Strong stakeholder communication and engagement skills
  • Knowledge of cloud security (AWS, Azure, GCP)
  • Experience with PCI-DSS/QSA or third-party risk is a plus
Certifications

Required:

  • CISSP
  • CISM or CISA
  • SABSA
  • ISO 27001 Lead Implementor

Preferred:

  • PCI QSA
  • ITIL Foundations
What We Look For
  • Excellent written/verbal communication
  • Strong problem-solving and analytical thinking
  • Ability to manage multiple engagements
  • Team-first mindset with autonomy in a fast-paced environment
KPIs
  • Timely, high-quality client delivery
  • Positive client and stakeholder feedback
  • Contribution to documentation and thought leadership
  • 80% billable utilisation
  • Active professional development
Reporting Line
  • Reports to: GRC Practice Lead or Head of Advisory
  • Works with: PMs, technical teams, and clients

Team culture is everything to Triskele Labs and it is the reason we exist. We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer. We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.

We provide our team a great range of additional benefits such as:

  • Hybrid Flexibility: Enjoy a balanced workweek with 3 days in-office and 2 days remote (subject to client needs).
  • Diverse Client Projects: Work across sectors on high-impact cybersecurity engagements using top frameworks like ISO 27001, NIST CSF, CPS 234, and PCI DSS.
  • Career Growth & Development: Access ongoing training, mentorship opportunities, and support for certifications like CISSP, CISA, and ISO 27001.
  • Thought Leadership Opportunities: Contribute to blogs, whitepapers, and industry events to showcase your expertise.
  • Team Culture & Connection: Enjoy regular events and activities organised by our dedicated People & Culture team.


Working Arrangements:

The role is full time, Monday to Friday, in our Collins St Melbourne office, with hybrid working arrangements: 3 days in-office, 2 days remote (client needs may vary) and occasional interstate travel required.

If you've made it this far, there's a good chance you're who we're looking for.

At Triskele Labs, we value initiative and attention to detail, so please include a cover letter addressed to Thomas M with your application. Applications without a cover letter will not be progressed.
