Cybersecurity Consultant

You need to be an Australian Citizen with baseline clearance or NV1 for this role to be eligible.
Our Why
Datacom works with organisations and communities across Australia and New Zealand to make a difference in people’s lives and help organisations use the power of tech to innovate and grow.
About the Role (your why)
The Cybersecurity Consultant role, with a focus on Governance, Risk and Compliance (GRC), is responsible for helping Datacom’s customers strengthen their security posture by aligning security measures with business goals.
You will work closely with Datacom’s customers to ensure compliance with key Australian cybersecurity standards and regulations, primarily with the Australian Signals Directorate (ASD) Information Security Manual (ISM) and Essential Eight (E8), the Commonwealth Protective Security Policy Framework (PSPF) and may include other supporting international and national security standards and industry frameworks.
This role is ideal for security professionals with 3-5 years of experience who can conduct GRC assessments, making a direct impact on Datacom’s customers' cyber resilience and compliance to protect against cyber threats..
What you’ll do
- Security Consulting: Act as a trusted advisor to Datacom’s customers and internal stakeholders, understanding their cybersecurity needs and providing expert guidance and security solutions.
- Stakeholder Collaboration: Collaborate with cross functional teams to ensure a shared understanding of security risks and propose fit for purpose mitigations. This may include working closely with project managers, technical support teams, architects, third party vendors, developers, security teams and business units to integrate security requirements into projects or business as usual (BAU) tasks.
- Project Delivery: Support the planning and delivery of security projects or Datacom’s engagements, ensuring outcomes are achieved on time and meet quality standards. Maintain documentation of activities and track progress against project goals.
- Continuous Improvement: Stay up to date with the latest cyber threats, vulnerabilities, and best practices. Proactively recommend improvements to security policies, processes and tools to enhance overall security posture.
- Communication and Reporting: Prepare clear reports and presentations on security findings and recommendations. Communicate technical information to both technical and non-technical audiences (e.g. executives or customers) in an understandable manner, to facilitate informed decision-making.
- Risk Assessments: Conduct comprehensive cybersecurity risk assessments and business impact analyses to identify vulnerabilities and evaluate potential threats. Develop risk artefacts such as plans, reports or registers and create roadmaps for safeguarding critical assets based on assessment findings.
- Compliance and Audit: Undertake compliance assessments against relevant standards, frameworks and regulations (e.g. ISM, PSPF or ISO 27001/27002). Ensure the organisation
- meets requirements of frameworks and industry-specific regulations. Prepare for and support internal (Datacom) and external (IRAP or ANAO) audits, addressing any compliance gaps identified.
- Policy Development: Develop and update security policies, plans, standards, and procedures aligned with best practices and regulatory requirements. This includes authoring cybersecurity policy documents and process improvement artefacts to strengthen governance. Ensure that policies reflect frameworks and are communicated effectively across the organisation.
- Security Strategy and Advisory: Contribute to the creation of tailored cybersecurity strategies and governance frameworks that align with Datacom or the customers’ unique business objectives and risk appetite. Provide advice to senior management on implementing security controls and risk treatments in a pragmatic, business-aligned manner.

What you’ll bring
- 3-5 years of hands-on experience in cybersecurity or information security roles, preferably including some time in a consulting or advisory capacity with large organisations is highly desirable.
- Working in roles with direct exposure to GRC within the Australian Government will be a distinct advantage, but not mandatory.
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field or equivalent work experience in a relevant discipline can be advantageous but not mandatory.
- Professional security certifications are highly valued. Certifications such as CAP, CISM, CISA, CRISC, or ISO 27001 Lead Auditor/Implementer or similar security certifications demonstrate relevant expertise. Certifications like CISSP (or Associate of CISSP), CEH, OSCP, or relevant SANS GIAC certifications (e.g. GSEC, GCIH, GPEN) are a plus. Certification in cloud security (e.g. AWS Security Specialty, CCSP) or other specialised areas is also highly regarded.
- Knowledge of Australian cybersecurity and privacy regulations (e.g. famili