Enterprise Risk Manager

The primary objective of this position is to oversee and implement Enterprise Risk Management, ensuring compliance with Legal and Regulatory obligations, as well as maintaining ISO27001 certification for our Information Security Management System.

As a key member of our team, you will be responsible for managing a range of tasks, including but not limited to:

• Maintaining certification as an ISO27001 Lead Implementer or equivalent;
• Ensuring the successful maintenance and maturity of our ISMS and all associated policies and processes;
• Ensuring compliance with our certifications, risk appetite, business objectives, and legal and regulatory obligations;
• Defining, approving, and communicating risk assessment and treatment processes; conducting risk assessments, identifying risk owners, and keeping committees informed of critical risks;
• Updating, reviewing, and/or developing organizational literature, including strategies, plans, policies, frameworks, matrices, processes, and standards, and ensuring such documents are communicated to relevant stakeholders and regularly reviewed and updated to reflect changes in business requirements and strategies;
• Maintaining asset and risk registers;
• Supporting the improvement of organizational literature through presentations to relevant stakeholders;
• Ensuring compliance with certification and frameworks, and reporting non-conformities to the Board;
• Developing KPIs to measure the effectiveness of frameworks and monitoring and reporting on such measures;
• Leading the Risk Management Committee, which includes circulating agendas/schedules for committee meetings, maintaining meeting minutes, and following up on action items;
• Supporting the security incident response committee and processes;
• Managing Risk and Compliance awareness campaigns and cyber simulation exercises;
• Leading on all Internal Audits and Certification Audits, and managing any resulting corrective actions plans;
• Managing contracts with clients, including compliance with all legal, regulatory, and contractual obligations, as well as assisting with client tenders, reviews, assessments, and questionnaires;
• Leading the strategy and maturity of AML/CTF legal obligations;
• Leading the development of Sustainability/ASRS compliance;

To be considered for this role, you must have:

• A qualification in ISO / IEC27001 lead implementer or equivalent;
• Risk management experience in professional services, preferably in the legal industry;
• Strong technical knowledge of enterprise and operational risk frameworks;
• Confident stakeholder engagement skills, with the ability to influence and lead in a fast-paced environment;
• An entrepreneurial, pragmatic, solutions-focused, and adaptable approach to changing business needs;
• Excellent written and verbal communication skills;
• A high level of motivation, proactivity, and commitment to producing high-quality work;

We focus on delivering innovative and practical solutions to the legal and business hurdles that our clients face. Our client-centric approach ensures we always deliver on our promises, building relationships based on trust and collaboration.

We are a specialist, commercial firm with offices in Sydney, Melbourne, Brisbane, and Newcastle, with a reach throughout the rest of Australia. You can be confident you are getting the development, support, and hands-on experience to grow and sustain your successful legal career.

We pride ourselves on our passion for excellence, teamwork, integrity, and leadership, which is embodied through our values that guide us in our day-to-day activities and product offerings. We are committed to diversity and a culture of inclusion, recognizing our differences as a source of strength and imperative to our success.

Our social and people-oriented environment aims to improve our people's lives both in and outside of the workplace, which includes ongoing training and development, team and firm-wide social events, competitive paid parental leave schemes, employee achievement awards, discounted gym memberships, and health insurance options.