Compliance and Controls Assurance Analyst

Department: IT - ANZ
- Location: North Strathfield, NSW, AU, 2137
- Job Function: IT - ANZ
- Employment Type: Full time

The Arnott’s Group portfolio of brands continues the 158-year legacy of the Arnott family, providing quality, great-tasting food to create delicious moments for consumers across the world.

**About the Role**:
Join the Cyber Security Team at Arnott’s Group as a Compliance and Controls Assurance Analyst within the Digital and Technology division. This operational, execution-focused role will support and enhance Arnott's technology and cyber security approach by ensuring compliance with internal and external requirements, managing risks, and driving controls assurance initiatives. You will oversee compliance management by addressing security training, cyber insurance submissions, external audit findings, penetration testing resolutions, and privacy risks. Additionally, you will focus on controls assurance by analysing and testing technical security controls, ensuring they function as intended, validating processes and secure configurations, and maintaining operational standards. Reporting to the Head of Cyber Security, you will collaborate with technology teams, business stakeholders, and external partners to deliver tangible security outcomes.

**Perks**:

- Discounted Gym Memberships
- 12 Weeks Paid Parental Leave for all new parents.
- Free onsite parking
- Discounted Products
- Discounted Health Insurance

**Our Culture**:
We stand for high performance with integrity and find moments of pride and celebrate the wins gained from our collective effort. These are part of our culture and the cornerstones of The Arnott's way. When you join our team, you can expect to experience a real sense of belonging, be empowered with accountability, be recognised for your contribution, collaborate with great people.

**What your days looks like**:

- Oversee the deployment and maintenance of Arnott's security awareness training and phishing simulation platform, ensuring alignment with evolving threats and employee roles. This includes managing training rollout, addressing training requests and issues, monitoring completion rates, and assessing the effectiveness of training with regular reporting to leadership.
- Regularly evaluate the effectiveness of cybersecurity controls against frameworks like NIST (National Institute of Standards and Technology) and MITRE ATT&CK, identify gaps, and prioritise adjustments based on risk. This involves testing detection and response capabilities, validating secure configurations, overseeing the remediation of gaps, and maintaining relevant technical documentation.
- Facilitate cyber-related compliance initiatives by supporting risk management reporting, coordinating external audits, and tracking rectification activities. This includes cyber insurance reporting, crisis management simulation activities, vendor risk assessments, and supporting compliance frameworks such as PCI DSS (Payment Card Industry Data Security Standard) and the Privacy Act information security requirements.
- Coordinate the cyber risks and issues register, tracking risks identified in projects and ensuring timely resolution. This responsibility ensures risks related to projects, technical controls, and external audits are monitored and mitigated to uphold Arnott’s cybersecurity posture.
- Support and facilitate cyber simulation activities and outcome reviews with the Crisis Management Team, including interactions with key suppliers. This includes ensuring the organisation's readiness for cyber incidents through simulation testing and identifying actions for improvement.

**The Ingredients for Success**:

- A bachelor's degree in computer science, information systems, or a related field, along with relevant industry certifications such as CISA, CISM, CISSP, or similar credentials.
- 3-4 Years of experience in information security, cyber risk and compliance, IT controls assurance, or roles with a cybersecurity focus, preferably within IT teams or risk functions.
- Familiarity with frameworks such as NIST, ISO27001, PCIDSS, and the Privacy Act, which demonstrate a strong understanding of industry compliance and risk frameworks.
- Proven experience in analysing and validating security controls, as well as familiarity with cyber defence technologies like firewalls, intrusion detection systems, VPNs, penetration testing, and other risk mitigation tools.

**To Apply**:
If this sounds like your next opportunity, please follow the link, and apply.

We value diversity in our workforce. If you require any reasonable adjustments, please inform our team so that we can work together to support your needs throughout the recruitment process.
- We do not accept unsolicited resumes from agencies