Grc Analyst

GRC Analyst opportunity focused towards SOX compliance frameworks
- Work with a leading company who are expanding their presence Nationally
- Flexible hybrid working conditions on offer

We have a rewarding new permanent opportunity available for a **Governance, Risk, and Compliance Analyst (GRC & SOX Analyst), **to join a supportive and growing technology team based in Sydney, New South Wales.

This is a mid-senior level position, and the GRC Analyst will have hybrid working conditions on offer, ideally with work onsite for 3 days a week, collaborating with an internal team of passionate technology enthusiasts, and this new hire will be reporting directly the Technology Operations Manager.

**In this role, you’ll be responsible for day-to-day responsibilities, including**:

- Overseeing and managing the risks associated with third-party vendors and suppliers.
- Updating and maintaining policy documentation across all Business Units.
- Participate in and support the implementation of **SOX compliance and frameworks.**:

- Support the Corporate IT Operations function to manage risk and compliance processes, establish and enhance compliance frameworks and support policy frameworks to adhere to regulatory requirements.
- Leading the third-party vendor management program to identify and manage risks posed by third parties that the company works with.
- Maintaining and updating risk registers.
- Developing Enterprise risk dashboards and working on threat and risk assessments.
- Reporting key risks to Executive management.
- Promoting risk ownership across the organisation and business units.
- Collaborating with cross-functional teams to facilitate enterprise risk management, identify and analyse risks, develop risk mitigation strategies.
- Work with the internal GRC tools & platforms to continuously improve processes and implement and manage governance frameworks.
- Conducting information security audits, assessments, and reviews to ensure compliance with internal policies, standards, and external industry regulations.
- Developing and managing the cyber security awareness training program and identifying areas for improvement.
- Ensuring 100% compliance with safety regulations and promptly reporting potential breaches for corrective action.

**Skills & experience required to enhance your success in this role, includes**:

- Hands-on experience in the field of Governance, Risk and Compliance, across Information and Cyber Security disciplines.
- Commercial experience working in Governance, Risk, and Compliance, with a primary focus on governance & compliance.
- Possess experience and exposure to **SOX compliance and frameworks.**:

- Possesses a genuine interest and passion for Cyber and Information Security.
- Self-motivated and capable of taking ownership of this function, as this will be a lean technology team that you’ll be joining which requires a good sense of ownership and autonomy.
- Ability to provide guidance and add value to the other the company’s business units by presenting scenarios and influencing team members.
- Familiarity with key risk frameworks such as NIST, ACSC, ISO27001, PCI, ASD Essential Eight, SOCI etc.
- Understanding of the role of key audit reports, such as PCI and ISO27001.
- Previous experience working as a GRC Analyst or GRC Business Analyst with a compliance focus.
- Sound knowledge of information security tools and technologies, such as firewalls, antivirus, encryption, SIEM, vulnerability scanners, etc.

Please kindly note, that to be considered for this role, you must be located in Australia and possess full work rights.