GRC Consultant

2 weeks ago


Sydney, New South Wales, Australia NCS Australia Full time $80,000 - $120,000 per year
Company Description

At NCS Australia, we believe in doing technology services better. Our commitment to quality, focus on people, and willingness to challenge traditional thinking set us apart. Our team brings this belief to life by partnering with our clients and communities to make tomorrow together.

We are committed to creating an environment that prioritises innovation, collaboration, and purposeful work. Our diverse team is empowered to make a meaningful impact with curiosity, creativity and resilience to shape better outcomes. Join us and accept the challenge of creating a better tomorrow.

Job Description

The Governance, Risk, and Compliance Consultant is the operational engine responsible for executing and maturing the governance, risk and compliance lifecycle across highly regulated and government portfolios. This role is crucial for developing, authoring, and rigorously maintaining essential security documentation, notably System Security Plans (SSPs) and Security Risk Management Plans (SRMPs). A core function involves ensuring demonstrable compliance and alignment with the Australian Government's Protective Security Policy Framework (PSPF) and the Information Security Manual (ISM) controls, ultimately supporting the formal accreditation and continuous security assurance of sensitive and classified systems.

  • Accreditation Documentation Mastery: Develop, review, and maintain critical security documentation, specifically System Security Plans and Security Risk Management Plans, essential for meeting ISM and PSPF accreditation criteria.

  • Risk Management Leadership: Conduct thorough, detailed risk assessments and govern both enterprise and project-level risk registers, ensuring strict alignment with ISO 31000 principles and ISM risk methodology.

  • Security Accreditation Support: Directly support the formal security accreditation and certification processes for systems designated to operate within classified or highly sensitive environments.

  • Expert Compliance Advisory: Serve as the subject matter expert, providing authoritative advice on compliance with key government mandates: PSPF, ISM, Essential Eight, and the Australian Privacy Principles.

  • Framework Maturity Assessment: Lead maturity assessments and conduct comprehensive gap analyses against the PSPF, ISM, and ISO 27001 security management frameworks.

  • Policy and Standard Governance: Develop, socialize, and maintain the foundational policies, standards, and procedures that govern organizational security, risk, and compliance.

  • Assurance by Design: Collaborate actively with security architects and engineers to ensure that compliance and assurance objectives are effectively integrated into solution design from inception.

  • Reporting and Stakeholder Engagement: Prepare clear, concise reports and presentations for executive stakeholders, auditors, and formal accreditation authorities.

  • Audit Readiness and Support: Coordinate and support both internal and external audits, ensuring that all control artefacts and evidence are complete, accurate, and readily available.

  • Cultivate Compliance Culture: Design and deliver security awareness and training sessions to systematically foster a strong, organization-wide culture of security and compliance.

  • Regulatory Monitoring: Proactively monitor and assess changes in legislative and regulatory requirements, advising leadership on potential business and control impacts.

Qualifications
  • Demonstrated, hands-on capability in producing, reviewing, and assuring System Security Plans (SSPs) and Security Risk Management Plans (SRMPs).

  • Strong experience in performing governance, risk, and compliance functions within Australian Government environments.

  • Strong, proven knowledge and practical application of key Australian Government security frameworks (ISM, PSPF, Essential Eight, and the Australian Privacy Principles (APP)) and international standards (ISO 27001 and ISO 31000).

  • Proven ability to execute, document, and report on detailed risk assessments, control effectiveness reviews, and formal compliance activities.

  • Exceptional skills in technical documentation, high-level communication, and effective stakeholder engagement across complex environments.

  • A solid understanding of compliance challenges and controls within modern ICT and cloud platforms (e.g., Azure, AWS, Microsoft Defender, M365).

  • Relevant tertiary qualification (e.g., Information Security, Risk Management, or related field).

Additional Information

Why join us: 

NCS Australia is where you can feel at home, nurturing your talents and skills as we make tomorrow together, one day at a time. Our benefits include paid parental leave, initiatives focused on your well-being and discounted health insurance. You will also enjoy discounts on various products and services and be regularly recognised and rewarded for high performance. We are committed to your career development through our Capability Fingerprint, industry and partner training programs, special interest groups, and an AI-driven learning platform. No matter where you are in your career, we offer meaningful work and opportunities for growth.

NCS Australia is an equal-opportunity employer, and we take pride in our commitment to valuing and supporting our people and the communities we serve. We are dedicated to attracting, retaining and developing our people regardless of gender identity, ethnicity, sexual orientation, disability and age. Applications are encouraged from all sectors of the community and we strongly encourage applications from Veterans and the Aboriginal and/or Torres Strait Islander community.

At NCS Australia, we are committed to supporting adjustments throughout the recruitment and selection process, as well as during employment. We actively support and encourage people with disability to apply. 

Agencies:

We've got this. We request that you do not contact NCS employees outside of the Talent Acquisition team. NCS exclusively accepts resumes from agencies on our preferred supplier panel through the NCS Agency Portal. Agencies that submit resumes must have a valid fee agreement and be assigned to the particular requisition by the Talent Acquisition team. Any resumes that are submitted outside of this process will become the sole property of NCS. If a candidate is hired outside of this process, no fee or payment will be given.

Work rights and background checks: 

To be eligible for a position with us, applicants will need to have valid work rights for Australia and be willing to undergo a comprehensive background checking process, including probity and police checks.
