
Governance & Risk Compliance Analyst
2 weeks ago
The McMillan Shakespeare Group (MMS) is a trusted provider of salary packaging, novated leasing, disability plan management and support co-ordination, asset management and related financial products and services. From our origins in 1988 when we created Australia’s salary packaging industry to today, MMS has a proud history of innovation and exceptional service.
Through our subsidiaries, we offer a breadth of services and expertise designed to responsibly deliver superior long-term value to our clients and customers, which include Federal and State governments and some of the largest public and private sector, health and charitable organisations.
At the heart of achieving this mission is our team. Driven by a passion for the work we do, we work together with our customers to make a real difference to people’s lives.
MMSG has several compliance obligations imposed by the regulatory and contractual environment in which we operate. The Governance Risk and Compliance Analyst role is tasked with coordinating and performing MMS security assessment and control testing reporting, analysing and monitoring strict compliance with internal IT controls, regulatory and information security policies and procedures. This role works with internal and external audit firms to provide supporting documentation as applicable.
The role can be done from Adelaide, Brisbane, Melbourne or Sydney.
A key component of the role is monitoring compliance of IT security controls (ISO27001, ASD (Essential Eight), NIST), conducting risk assessments, supporting security education and awareness programs, ensuring staff and 3rd parties are abreast of due diligence and compliance requirements, writing business communications about new security threats and working with IT functional teams and business stakeholders to ensure baseline security requirements are met and assets remain protected within these functional areas.
The Governance Risk and Compliance Analyst is also responsible for ensuring the security of all protected information collected, used, maintained, or released by MMS.
The Role:
- Implement security controls, maintaining and reporting risk assessment frameworks, ensuring documented and ongoing compliance that aligns and advances MMS business objectives
- Evaluate risks and develop security procedures and controls to manage risks, improving MMS’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities
- Conduct regular risk assessments and workshops to ensure risks to MMS are assessed and understood, and are fed back to stakeholders to ensure the continued effectiveness of the risk management strategy
- Provide support and relevant guidance to external auditors and ensure relevant artefacts are provided in a timely manner
- Evaluate cyber-security standards including NIST, ASD (Essential Eight), ISO27001 and PCI DSS for alignment with internal frameworks
- Implement processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing
- Ensure internal security standards, policy, audit, and contracted security requirements are communicated across the business and with 3rd Parties
- Develop reporting metrics, dashboards, and evidence artefacts
- Define and document business process responsibilities and ownership of the controls
- Schedule regular assessments and testing of the effectiveness and efficiency of controls, and create GRC reports
- Document and report control failures and gaps to stakeholders, provide remediation guidance and prepare management reports to track remediation activities
- Assist other Cyber Security team members in the management and oversight of security program functions
- Contribute to improving risk posture, contribute solutions for remediating or mitigating risks and assess residual risks
- Train, guide, and act as a resource on security assessment functions to other departments
- Any other security risk and compliance initiatives, as requested.
You will bring:
- Experience in IT Security and Risk Management such as ISO 31000.
- Experience with legal and regulatory obligations such as the Australian Privacy Principles.
- Experience with ISO27001, ASD Essential Eight, NIST and PCI DSS
- Tertiary qualification in a Computing/IT discipline is preferable.
- CRISC Certification
What we can offer you:
- Our strong people-first culture
- Flexible/hybrid working to enhance your work/life balance
- Novated lease benefits and discounts
- 12 weeks Paid Parental leave and access to our Parents Portal
- Exempt Employee Share Plan
- Paid Income Protection Insurance under MMSG default Super plan
- Access to a broad range of learning and development programs
- Career break and volunteering leave
- Access to Employee Assistance Program and annual Flu vaccination
- Lifestyle Rewards program
As an employer who embraces Diversity, Equity & Inclusion, we hold a collective commitment to foster an en
-
Governance, Risk, And Compliance Analyst
2 weeks ago
Melbourne, Victoria, Australia Staffx Pty Ltd Full time **About the Company** This IT Services and IT Consulting company is an Australian company that has core competencies in banking and financial services. They work with leading and local companies across the APAC region. Their highly skilled, talented IT specialists are experts in their fields, and employees are placed in key value-adding roles with our...
-
Manager - Security Governance & Customer Trust
2 weeks ago
Melbourne, Australia Culture Amp Full time **Join us on our mission to make a better world of work.** Culture Amp revolutionizes how over 25 million employees across 6,000 companies create a better world of work. As the global platform leader for employee experience, Culture Amp empowers companies of all sizes and industries to transform employee engagement, develop high performing teams, and retain...
-
Governance, Risk and Compliance Analyst
2 weeks ago
Melbourne, Australia Nixil Full time **This opportunity is a 6-12 month FTC with the option to extend** You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance. Additionally, you will manage cyber security policies and standards, ensure they are periodically updated and align them with the overall...
-
Governance, Risk and Compliance Analyst
2 weeks ago
Melbourne, Australia Nixil Full time You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance. Additionally, you will manage cyber security policies and standards, ensure they are periodically updated and align them with the overall Banking Information Security Policy framework. Reporting to the...
-
Governance & Risk Compliance Analyst
1 week ago
Melbourne, Victoria, Australia Mcmillan Shakespeare Full time The McMillan Shakespeare Group (MMS) is a trusted provider of salary packaging, novated leasing, disability plan management and support co-ordination, asset management and related financial products and services. From our origins in 1988 when we created Australia's salary packaging industry to today, MMS has a proud history of innovation and exceptional...
-
Security Analyst
2 weeks ago
Melbourne, Australia Culture Amp Full time **Join us on our mission to make a better world of work.** Culture Amp revolutionizes how over 25 million employees across 6,000 companies create a better world of work. As the global platform leader for employee experience, Culture Amp empowers companies of all sizes and industries to transform employee engagement, develop high performing teams, and retain...
-
Governance, Risk And Compliance Analyst
2 weeks ago
Melbourne, Victoria, Australia Nixil Full time You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance. Additionally, you will manage cyber security policies and standards, ensure they are periodically updated and align them with the overall Banking Information Security Policy framework. Reporting to the Manager,...
-
Security Analyst
1 week ago
Melbourne, Australia Culture Amp Full time **Join us on our mission to make a better world of work.** Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and...
-
Security Analyst
1 week ago
Melbourne, Australia Culture Amp Full time **Join us on our mission to make a better world of work.** Culture Amp revolutionizes how over 25 million employees across 6,000 companies create a better world of work. As the global platform leader for employee experience, Culture Amp empowers companies of all sizes and industries to transform employee engagement, develop high performing teams, and retain...