GRC Lead



Surry Hills, Australia | News Corp Australia | Full time

The Governance, Risk and Compliance (GRC) Lead will have a strong understanding of security and privacy principles as well as a sound understanding of regulatory and compliance requirements affecting the business. The role supports and maintains the Cyber GRC Program, including the development, implementation and maintenance of security policies, standards, guidelines and processes to ensure compliance is maintained and risk is mitigated.

**What’s the role?**
- Liaise with key internal and external stakeholders to ensure compliance with PCI DSS, SOX, Privacy and GDPR compliance requirements, audits and assessments.
- Assist in the risk assessment process and report on enterprise-wide and third-party security controls.
- Support management of audits, external assessments and assurance processes including, but not limited to, PCI DSS, SOX and NIST CSF
- Engage with internal and external stakeholders to ensure compliance with the cybersecurity risk management framework
- Develop and manage meaningful metrics to measure and track cyber risks and the effectiveness of the governance, risk and compliance function
- Conduct compliance readiness assessments and assurance activities against policies, standards and requirements.
- Track technology and cyber related audit findings and actions
- Assist in the development of effective measurement and simplified reporting of cyber security risks within the business
- Conduct third party security assessments against industry standards as well as News AU control standards
- Report on metrics, including KPIs and KRIs to measure and track cyber risk and the effectiveness of the Cybersecurity function
- Support user education and awareness training for all employees
- Assist in maintaining the cyber security risk register
- Assist in preparing Cybersecurity briefing for senior management

**Who are you?**
- 5+ years’ experience within Cyber Security, ICT Audit or related fields
- Demonstrated experience in governance, risk and compliance in dynamic and complex cyber security, technology and business environment
- Strong knowledge and experience with Industry Frameworks and Standards such as NIST CSF, PCI DSS and ISO 27001
- Previous experience working in a SOX compliance environment is desirable
- Strong oral and written communication skills
- Qualification in Information Security, Computer Science, Engineering or similar
- Professional security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar preferred

**What’s in it for you?**
- Collaborative environment
- Opportunity to innovate, challenge the norm and pioneer the way forward
- Variety of work where no two days are the same
- Exposure to global operations and networks
- Make a difference as part of Australia’s most influential media organisation

**Who are we?**

**What’s next?**


