Governance, Risk, and Compliance Analyst

**About the Company**

This IT Services and IT Consulting company is an Australian company that has core competencies in banking and financial services. They work with leading and local companies across the APAC region.

Their highly skilled, talented IT specialists are experts in their fields, and employees are placed in key value-adding roles with our customers on strategic projects to strengthen their core teams. The company is fiercely proud and supportive of the talented people they bring on board to join their company. They endeavour to find you challenging and fulfilling work that converts passion into action. They actively support and drive skills development to enable growth opportunities.
- Competitive Salary
- Flexible Work Arrangements
- Generous Benefits
- Opportunities for Growth
- Collaborative Culture

An opportunity has arisen for the Governance, Risk, and Compliance Analyst role. You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance.

**About the Governance, Risk, and Compliance Analyst Role**:
In the Governance, Risk, and Compliance Analyst Role, you will manage cyber security policies and standards, ensure they are periodically updated, and aligned them with the overall Banking Information Security Policy framework. You will be reporting to the Manager for Information Security.

**Key responsibilities**:

- Provide senior leadership support and guidance to other Governance, Risk and Compliance Analysts (GRC).
- The GRC analysts will report into this senior role for the duration of the contract.
- Maintain the Bank Information Security Framework in alignment with legal and regulatory requirements.
- Ensure and contribute to regulatory compliance including APRA CPS234
- Develop, maintain, and review security governance documentation including policies, procedures and guidelines for cyber security.
- Provide guidance to ensure compliance with information security policies and standards.
- Maintain the Information Security Risk Register
- Liaise with information system owners to support them in maintaining risk and compliance protocols and progress risk treatment plans.
- Contribute to technology strategies and product selections.
- Ensure security controls are implemented and tested in alignment with banking information security policies and standards.
- Play a lead role in governance, risk and compliance information security reporting.
- Manage third party risk including the third-party register, third-party assessments and third-party reporting.
- Identify and appropriately manage security risks and drive opportunities to improve security within the Bank environment.
- Build strong relationships with internal and external stakeholders to maintain and improve service to business users and enhance knowledge and information sharing.

To succeed in a Governance, Risk, and Compliance Analyst role, you should have at least one or more related certifications such as CISSP, CEH, CISA, CISM, etc. You must have the full working rights in Australia.

**Key requirements**:

- Degree in Computer Science or a related field
- Solid knowledge of information security principles and practices
- At least 4+ years’ experience in a combination of information security risk management, compliance, governance, and IT Audit
- Demonstrated experience in performing information security audits and control assurance activities across security controls.
- Demonstrated experience in performing third-party security assessments and an understanding of vendor security risk management and assessment practices
- Understanding of security risk and information security vulnerabilities
- Exposure and understanding of cyber security standards NIST Cyber Security Framework, ISO27001, PCI DSS
- Sound knowledge of contemporary information security management trends, tools, practices, and concepts
- Familiarity with the banking industry
- Understanding of APRA Prudential Standards relating to cyber security
- Strong knowledge of Cyber Security Infrastructure technologies, best practices, and broad knowledge of network security concepts
- An understanding and experience with third-party risk management
- An understanding of security technologies that are commonly used to detect, contain or prevent security incidents such as IDS/IPS, Endpoint Security, Firewalls, Content Inspection, and SIEM
- Experience in the development, operationalization and maintenance of security policies, procedures, and standards
- Strong communications skills - both verbal and written, being able to share knowledge and educate others.

If you are driven, determined, and want to take the next step in your career, this is the role for you. Great career progression opportunities await the right person in this exciting Governance, Risk and Compliance Analyst job.