Cyber Security Governance, Risk and Compliance Manager

Cyber Security Governance, Risk and Compliance Manager
Join to apply for the Cyber Security Governance, Risk and Compliance Manager role at Macquarie University
About the Role
Macquarie University is seeking a dynamic and experienced Cyber Security Governance, Risk and Compliance (GRC) Manager to lead the development and implementation of our cyber security GRC framework. This pivotal role ensures alignment with enterprise risk management and strategic objectives, while maintaining compliance with legal and regulatory requirements.
You will be a key advisor to senior leadership, shaping the University's cyber security posture across digital transformation, research infrastructure, and third-party engagements. This is an exciting opportunity to make a significant impact in a progressive, research-intensive university environment. This role reports to our Chief Information Security Officer.
Key Responsibilities
Lead the design and enhancement of the University's cyber security GRC framework.
Develop and maintain cyber security policies, procedures, and the Information Security Risk Register.
Manage risk assessments, compliance audits, and control testing.
Ensure compliance with NIST CSF, ASD Essential Eight, Privacy Act, and other relevant frameworks.
Collaborate with internal and external stakeholders to align risk and compliance efforts.
Prepare reports and briefings for senior leadership and governance bodies.
Implement quantitative risk models (e.g., FAIR) to support strategic decision-making.
Provide expert advice and support across the University on cyber risk and governance.
About you
You are a strategic thinker with deep expertise in cyber security governance, risk, and compliance. You thrive in complex environments and are passionate about building a strong security culture. You bring a collaborative approach and a commitment to excellence, along with the following qualifications and experience (selection criteria):
Tertiary qualifications in Information Security, Risk Management, Business, Law, or related field
Proven track record in designing, implementing, and managing risk-based governance structures, compliance programs, and audit processes in a large, multi-faceted organisation
Strong understanding of the Australian regulatory environment, including the Privacy Act, TEQSA, Notifiable Data Breach scheme, PSPF, and critical infrastructure obligations
Experience with GRC platforms and quantitative risk models (e.g., FAIR)
Strong knowledge of ISO/IEC 27001, NIST CSF, Essential Eight, and Australian regulatory frameworks
Excellent communication skills and stakeholder engagement capabilities
Industry certifications (e.g., CISA, CRISC, CGEIT, FAIR Risk Analyst, CISSP) (Highly Desirable)
About Us
Macquarie is a university engaged with the real and often complex problems and opportunities that define our lives. Celebrating its 60th year in 2024, it was established as a bold experiment in higher education and designed to break from educational traditions to work in tandem with industry. Institutionally we strive for the extraordinary by challenging convention and embracing different views. Our pioneering culture has encouraged and inspired students, staff and collaborators to break free from conventional thinking, and to actively shape the complex issues that define the future of humanity.
Why work at Macquarie
We rank amongst the top employers in the Australian Workplace Employers Index, having recently earned a five-star rating in the QS World Rankings with the highest rating for employability.
Our prime location, we are walking distance from Macquarie University Metro Station and Macquarie Shopping Centre. Not only are we close, take a look at our benefits on offer:
17% Superannuation
Subsidised onsite parking options
Flexible working options
Training and professional development
Discounted health insurance (Medibank)
Employee Assistance Program
Subsidised membership at the Sport & Aquatic Centre
Please note: This position will require a Criminal Record check & Qualifications check. AGSVA security clearance may be required. We reserve the right to progress or decline an application prior to the application closing date.
If you're already part of the Macquarie Group (MQ University, , MQ Health, MGSM), you'll need to apply through your employee Workday

---