Cyber Security GRC Associate

Overview

More and Tangerine are two fast-growing challenger brands in the telecommunications space, offering nbn, mobile and fixed voice products to consumers and small businesses across Australia. We're rapidly expanding and are looking for a Cyber Security GRC Associate in Melbourne. This junior role is ideal for recent graduates or professionals with 1–2 years of experience who are passionate about cybersecurity and eager to grow in a dynamic environment.

As a GRC Associate, you'll support the organisation's cybersecurity governance and assurance activities. You'll contribute to documenting controls, conducting risk assessments, maintaining compliance records, and continuously improving our security posture. You'll work closely with our Cyber Security Architect and other stakeholders to ensure practices align with internal policies, regulatory obligations, and recognised industry standards. More (www.more.com.au) and Tangerine (www.tangerine.com.au) are part-owned by the Commonwealth Bank of Australia (CBA), which provides additional benefits for CommBank customers and staff.

Responsibilities

• Assist in documenting and maintaining key cybersecurity controls in alignment with standards such as ISO/IEC 27001 and PCI-DSS.
• Support the maintenance of the Cyber Risk and Controls Register in collaboration with technology, risk, and compliance stakeholders.
• Contribute to control testing activities using the company's Assurance Methodology to evaluate the effectiveness of cybersecurity controls across systems, applications, and IT General Controls.
• Help develop and maintain cybersecurity policies, standards, and procedures under the guidance of senior team members.
• Assist in integrating key controls into GRC platforms (e.g., Vanta) and automated assurance tools to support control automation and monitoring.
• Support the preparation of management reports and dashboards that provide visibility into the risk and control landscape.
• Track progress on risk reduction initiatives and assist in documenting remediation efforts.

Experience & Skills

• 1–2 years of experience in cybersecurity, IT risk, compliance, or audit roles, or relevant academic/internship experience.
• Familiarity with industry frameworks and standards such as ISO/IEC 27001 and PCI-DSS is highly desirable.
• Basic understanding of IT General Controls (ITGCs) and foundational knowledge of risk assessment and control assurance practices.
• Exposure to technologies such as Azure, firewalls, identity and access management (IAM), intrusion detection/prevention systems (IDS/IPS), encryption, and SIEM platforms.
• Experience or familiarity with GRC platforms and/or Continuous Controls Monitoring and Assurance (CCMA) tools—experience with platforms such as Vanta is a strong advantage.

Skills

• Degree in cybersecurity or related fields.
• Strong attention to detail and a structured, process-oriented mindset.
• Basic understanding of cybersecurity principles, risk management, and compliance frameworks.
• Ability to interpret and apply policies, standards, and regulatory requirements.
• Proficient in documenting processes, controls, and findings clearly and accurately.
• Effective communication skills, both written and verbal, with the ability to collaborate across technical and non-technical teams.
• Analytical thinking and problem-solving abilities, with a willingness to learn and adapt.
• Familiarity with Microsoft Office tools (Excel, Word, PowerPoint); experience with GRC platforms (e.g., Vanta) is a plus.

The Perks

• Free home internet & mobile phone plan
• Ongoing learning and development opportunities
• $150 voucher and a day off to celebrate your birthday
• Generous paid Parental Leave
• Work anniversary prizes
• Positive Customer Feedback & Employee Shout Out prizes
• AFL and BBL season tickets
• Samsung product discounts through our partnership
• Partnerships with charities, Telco Together and Pancare
• Our Christmas party

This is a fantastic opportunity to kickstart your career in cybersecurity while contributing to our organisation's risk and compliance maturity.

Seniority level

Associate

Employment type

Full-time

Job function

Engineering and Information Technology

Industries

Telecommunications

Location: Melbourne, Victoria, Australia

Salary: A$65,000–A$80,000 per year

#J-18808-Ljbffr

---