IT Governance, Risk and Compliance Specialist

6 days ago


Melbourne, Australia Centorrino Technologies Full time

Welcome to Centorrino Technologies, the ultimate destination for tech enthusiasts. We're not just any workplace: we've been certified as a Great Place to Work and ranked 23rd in Australia's Best Workplaces 2022, and now we've been rated as the coolest Best Place to Work in Tech 2023. With a team of over 260 tech wizards, we're constantly pushing the boundaries and working at the forefront of the tech industry in Australia and NZ.

Our CEO Adam Centorrino is dedicated to customer service, having won the Customer Service Executive of the Year award twice, and we've also won an incredible 10 consecutive Australian Service Excellence Awards. We're not just focused on our customers; we prioritise our employees too. With a flexible work culture, growth opportunities, wellness benefits, and an inclusive workplace culture, we're dedicated to making sure our team members are happy.

Now, enough about us - let's talk about you. We're expanding our dream team, and we're on the hunt for a key role to join our Professional Services Team.

**Key accountabilities**
- Works with SMEs to implement, track and report on security controls. Manages the risk assessment framework and assurance program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with and advances the customer’s objectives and supports an uplift in security maturity.
- Evaluates security risks and controls, and develops security standards and procedures, to manage risks. Improves customer’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support and advice to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and other relevant compliance requirements.
- Performs and investigates internal and external information security risk and exceptions assessments. Handles incident playbooks, penetration testing, phishing and social engineering campaigns, and awareness training.
- Performs and maintains Risk Assessments, Third-party Risk Assessments. Maintains the IT Risk register and reports IT Security risks to management.
- Documents and reports control failures and gaps to management. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other business units within customer.
- Proactively develops, maintains and effectively manages constructive working relationships with internal teams, delivery partners and key external agencies.
- Remains current on best practices and technological advancements and acts as the customer’s technical resource for security assessment and regulatory compliance.
- Performs other related duties as assigned.

**Requirements**:
**Capabilities - Proficiency level**

- Commits to customer service - Advanced
- Displays leadership - Intermediate
- Generates and delivers the strategic vision - Advanced
- Demonstrates an awareness of the National Registration and Accreditation Scheme (the National Scheme) and the National Law - Foundation
- Builds constructive working relationships - Highly Advanced
- Communicates effectively - Highly Advanced
- Demonstrates accountability in delivering results - Highly Advanced
- Uses information and technology systems - Highly Advanced
- Displays personal drive and integrity - Advanced

**Qualifications**

Formal qualifications in Business Management, Information Technology Management or a related field. Relevant tertiary qualification and/or equivalent level of experience across required areas of expertise: PSPF, ISM, NIST, ISO 27000 series.

**Experience**

1+ years of relevant experience in implementing, managing, reviewing and improving internal security controls for governance, compliance and quality, IT audits, or assurance and risk management programs. Track record of performing internal or external audits (financial/operational/IT) in accordance with relevant professional standards. Demonstrated ability to work with and report to a governance board (i.e. audit committee or similar). Highly proficient in audit methodologies, especially but not limited to those applicable in IT environments. Highly skilled in designing and implementing compliance and control frameworks including business process reengineering. Exper


