Governance, Risk and Compliance Analyst

**This opportunity is a 6-12 month FTC with the option to extend**

You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance.

Additionally, you will manage cyber security policies and standards, ensure they are periodically updated and aligned them with the overall Banking Information Security Policy framework.

**Reporting to the Manager, Information Security, you will**:

- Provide senior leadership support and guidance to other Governance, Risk and Compliance Analysts (GRC).
- The GRC analysts will report into this senior role for the duration of the contract.
- Maintain the Bank Information Security Framework in alignment with legal and regulatory requirements;
- Ensure and contribute to regulatory compliance including APRA CPS234
- Develop, maintain and review security governance documentation including policies, procedures and guidelines for cyber security;
- Provide guidance to ensure compliance with information security policies and standards;
- Maintain the Information Security Risk Register
- Liaise with information system owners to support them in maintaining risk and compliance protocols and progress risk treatment plans;
- Contribute to technology strategies and product selections;
- Ensure security controls are implemented and tested in alignment with banking information security policies and standards;
- Play a lead role in governance, risk and compliance information security reporting;
- Manage third party risk including the third party register, third party assessments and third party reporting.
- Identify and appropriately manage security risks and drive opportunities to improve security within the Bank environment;
- Build strong relationships with internal and external stakeholders to maintain and improve service to business users and enhance knowledge and information sharing

**QUALIFICATIONS AND EXPERIENCE:

- **
- One or more related certifications such as CISSP, CEH, CISA, CISM etc.
- Degree in Computer Science or related field
- Solid knowledge of information security principles and practices
- ** At least 4+ years’ experience in a combination of information security risk management, compliance, governance and IT Audit**:

- Demonstrated experience in performing information security audits and control assurance activities across security controls
- Demonstrated experience in performing third party security assessment and an understanding of vendor security risk management and assessment practices
- Understanding of security risk and information security vulnerabilities
- ** Exposure and understanding of cyber security standards NIST Cyber Security Framework, ISO27001, PCI DSS**:

- Sound knowledge of contemporary information security management trends, tools, practices and concepts
- Familiarity with the banking industry
- ** Understanding of APRA Prudential Standards relating to cyber security**:

- Strong knowledge of Cyber Security Infrastructure technologies, best practices and broad knowledge of network security concepts
- An understanding and experience with third party risk management
- An understanding of security technologies that are commonly used to detect, contain or prevent security incidents such as IDS/IPS, Endpoint Security, Firewalls, Content Inspection and SIEM
- Experience in the development, operationalisation and maintenance of security policies, procedures and standards
- Strong communications skills - both verbal and written, being able to share knowledge and educate others
- ** FULL Working rights in Australia