IT Security GRC Manager

7 hours ago


Sydney, Australia MinterEllison Full time

**Location**: Sydney, Brisbane, Melbourne

**Contract Type**: Permanent

MinterEllison is one of Australia’s largest law firms, with nearly 200 years of business history. We're known for our legal and consulting expertise - and for our inclusive and authentic character.

Our purpose is to create sustainable value with our clients, people and communities. That means we have a proud history of providing excellence to clients, nurturing our people and giving back to the communities in which we live and work.

We value excellence, curiosity and collaboration. Clients rely on us for our responsive, commercial approach. Our clients include government departments and agencies, private and publicly listed companies, and small and large businesses in Australia and overseas.

**The Role**

We are currently recruiting for an experienced IT Security GRC Manager to join our internal digital team based in either our Sydney, Melbourne or Brisbane office. In this role, you will be responsible for managing and maintaining the end-to-end IT security GRC portfolio under our IT security assurance practice. The IT security assurance practice covers: cyber risk management, compliance framework and certification program, client assurance and contract reviews, supply chain security, internal audit, and cyber awareness program.

Agile working arrangements are supported at the firm with a minimum of 3 days in the office required.

In this role you will have the opportunity to:

- Uplift and develop a high-performing IT security GRC practice across all IT security assurance areas, fostering a culture of excellence, collaboration, and continuous learning
- Implement a robust IT security compliance framework program integrating multiple compliance certifications, frameworks, policies and standards
- Lead and maintain certifications across multiple standards/frameworks and internal audits
- Perform cyber hygiene audits to ensure compliance with external and internal policies, regulations, standards and compliance with client contracts
- Lead client assurance program including responding to client audits/questionnaires, reviewing client cybersecurity contracts, updating MinterEllison Trust Centre and maintaining a high client engagement & experience
- Collaborate with Chief Risk Office to manage and maintain cyber risk lifecycle including cyber risk registers and dashboards
- Lead supply chain cyber risk management program including annual reviews and spot checks
- Maintain cyber security awareness and training programs including role-based training across the Firm
- Provide high quality reporting and updates on cyber security to senior leadership including KPIs/KRIs
- Assist with IT security operations on any cybersecurity incidents during and, if required, after business hours
- Ensure efficient use of managed security services and/or external consultants in the GRC domain.
- People leadership responsibility for one direct report.

**More About You**
- 8 years+ demonstrated, direct, hands-on experience in the above-mentioned GRC areas, including 2-3 years hands-on, direct experience in managing assurance programs
- Strong written and verbal communication skills to engage with all levels of business
- Pragmatic and collaborative with various stakeholders with the ability to bring people on a journey
- Demonstrated experience in writing high quality executive reports/briefings
- Expert knowledge of information security principles, standards and frameworks such as ISO27001. Familiarity with NIST, SSAE16, APRA CPS234, ASD Essential 8, VPDSF
- Knowledge of security policies, standards, and practices.
- Knowledge of the infrastructure, operations, and systems of information technology.
- Agile-mindset, incremental delivery over perfection, willingness to try new approaches to a problem
- Ability to manage projects and tasks independently with little supervision
- Relevant security trainings/certifications not mandatory but will be highly desirable
- Ability to use GenAI models and other pragmatic approaches to improve efficiencies/quality or delivery
- Be up-to-date with information security best practices and industry trends for security solutions and standards

**Why MinterEllison**

We offer flexible working options to encourage balance, wellbeing and support for sustainable ways of working and a range of social, financial and health benefits, including free gym membership - all with no minimum tenure.

**How to apply**


