Cyber Security, Grc Specialist

**About Snowy**:
Snowy Hydro is a dynamic, integrated energy business that has been providing on-demand, reliable energy to Australia for generations. Snowy Hydro owns and operates a powerful combination of generation assets, including the mighty Snowy Mountains Scheme, gas and diesel plants, and contracted wind and solar energy. We also provide electricity and gas to about 1.5 million retail customers through our retail brands Red Energy and Lumo Energy.

Snowy 2.0 is Australia’s largest committed renewable energy project. This nation-building project will provide on-demand energy and large-scale storage for many generations to come.

**About the position**:
Are you a seasoned Cyber Security - Governance, Risk & Compliance Specialist with a proven ability to develop, implement, and manage information security governance, risk management, and compliance programs? We are seeking a professional who can ensure compliance with relevant laws, regulations, and industry standards, while proactively identifying, assessing and mitigating cyber risks.

**Key Responsibilities**:

- Develop, implement, and manage information security governance, risk management, and compliance programs.
- Ensure adherence to relevant laws, regulations, and industry standards, while proactively identifying and mitigating cyber risks.
- Develop, implement, and maintain information security policies, standards, guidelines, and procedures.
- Conduct information security risk assessments and maintain a comprehensive risk register.
- Ensure adherence to applicable Australian and international cybersecurity laws, regulations, and standards.
- Coordinate and support internal and external security audits.
- Collaborate effectively with IT, Legal, Audit, and business units to integrate security GRC requirements.

**About the location**:
This role can be based in either Melbourne or Sydney, offering flexibility to suit your lifestyle and preferences. We have an office in both cities providing excellent opportunities for professional growth, networking, and innovation in the cybersecurity and compliance space.

Whether you choose Melbourne—with its vibrant arts scene, diverse culture, and renowned food and coffee—or Sydney, known for its iconic harbour, dynamic business environment, and coastal lifestyle, you'll be working in a location that supports both career advancement and quality of life. Our centrally located offices in both cities are easily accessible by public transport and surrounded by a wide range of amenities.

**About you**:

- Degree in IT, Computer Science, Cybersecurity, or related field, or equivalent experience.
- 7+ years of progressive experience in information security, with a strong GRC focus.
- Proven experience with hands-on delivery of developing and implementing security policies, standards, and procedures.
- Demonstrable experience conducting risk assessments and managing risk registers.
- Solid understanding of common information security frameworks (e.g., AESCSF, ISO 27001, Essential Eight) and Australian cybersecurity regulations (e.g., Privacy Act 1988, CPS 234).
- Excellent written and verbal communication, strong analytical skills, and ability to work independently and in a team.
- Relevant industry certifications (CISSP, CISM, CISA, CRISC, CompTIA Security+) are highly regarded.
- Experience with GRC platforms, cloud security, agile methodologies, and in the energy/utilities industry are advantageous.

**About our workforce**:
Diversity and inclusion is important to us. Snowy Hydro has a culture of decency and inclusion, with a commitment to the health and wellbeing of our people and a supportive environment to ensure that everyone - regardless of background - feels included and can succeed. At Snowy Hydro, we recognise that we are made stronger by the unique capabilities and qualities that each individual brings, and we believe in providing an environment that allows that uniqueness to thrive.