Cyber Governance, Risk and Compliance Specialist

Cyber Governance, Risk and Compliance Specialist

About ARTC

We're one of the country's largest rail network owners, proud to be keeping the future of transport on track.

A vital link in the nation's transport supply chain, every day our people manage the movement of over 430 freight and passenger trains across five states, 8,500km of track, 39 worksites and the lands of more than 50 First Nations. Rail isn't just a mode of transport, it's a safer and more environmentally friendly choice. We're committed to expanding and modernising our rail network, having invested billions of dollars to ensure its efficiency and sustainability. Join us and be part of a team that's shaping the future of transport in Australia.

About the Team

Safety is our top priority at ARTC, not just for our employees and contractors but also for rail operators and the communities we serve. When you join the Safety & Systems team, you'll be part of a team that plays a crucial role in ensuring the safety, reliability, and cost-effectiveness of our rail assets.

The team ensures our rail network operates smoothly across various systems and regions, helping to create a standardised operating environment. This helps increase efficiencies for rail operators, making our network more reliable and cost-effective.

About the Opportunity

The Cybersecurity Governance, Risk, Compliance (GRC) Specialist ensures the organisation maintains a strong cybersecurity framework by overseeing governance, managing cyber risks, ensuring compliance with industry regulations and standards, and providing assurance that cybersecurity controls are effective. This role supports the protection of critical assets, risk mitigation, and operational resilience in an evolving threat environment.

Responsibilities include:

Cyber Security Governance:

• Assist in maintaining ARTC's Cyber Security Management System in alignment with relevant standards and legislation (e.g., NIST, SOCI).
• Ensure cybersecurity policies, procedures, and standards are prepared and regularly updated in accordance with cyber best practice and well-communicated and integrated across business processes and technology operations.
• Ensures a thorough understanding of data governance principles and actively drives the adoption of data governance frameworks. Align data management practices with regulatory requirements and organisational objectives, supporting risk mitigation and compliance across the data lifecycle.
• Collaborate with the Technology team and Business Units to align data governance initiatives with organisational goals.

Risk and Compliance Management:

• Collaborate with the Enterprise Cyber Security and Resilience Manager to review and update cyber risks, including those related to third-party vendors and supply chains. Ensure adequate controls are in place to
• Support internal and external audit activities, ensuring timely remediation of audit findings and preparation of compliance documentation.

Assurance:

• Conduct regular assurance reviews to verify the effectiveness of cybersecurity controls and identify gaps.
• Oversee internal and external audit activities related to cybersecurity and manage remediation efforts to improve the organisation's security posture.
• Provide recommendations for continuous improvement based on assurance findings.

Supply Chain Cyber security:

• Identify cybersecurity risks within the supply chain and conduct due diligence for third-party relationships that handle sensitive data or are critical to business operations.
• Ensure appropriate cybersecurity measures are in place across the supply chain ecosystem.

Culture and Awareness:

• Contribute to building a strong security culture by assisting in the development and delivery of cybersecurity awareness and training programs.
• Collaborate with internal stakeholders to promote adherence to cybersecurity best practices and understanding across the organisation.

Reporting and Compliance Activities:

• Assist in preparing cybersecurity reports for internal and external stakeholders, including the executive team.
• Support compliance with regulatory frameworks and ensure alignment with organisational risk management strategies.

Incident Response and Remediation:

• Collaborate with relevant teams to ensure that compliance-related aspects of security incidents are addressed, and lessons learned are incorporated into ongoing cybersecurity strategies.

What do we want from you?

• Bachelor's degree in Cybersecurity, Information Technology, or a related field or demonstrated equivalent experience.
• Minimum 5 years' experience in cybersecurity governance, risk, and compliance (GRC).
• Previous experience in audit support and compliance activities.
• Strong risk management skills, including risk identification, assessment, and mitigation.
• Proficiency in developing and delivering cybersecurity awareness and training programs.
• Excellent communication and stakeholder engagement skills, with the ability to influence at all levels.
• Knowledge of IT and OT systems, including cybersecurity challenges and integration.

What will you get from us?

• Talk to us about flexible working options
• Competitive remuneration
• Resources to support your health and wellbeing and development
• Novated leasing options, as well as discounts and support programs
• 24/7 Employee Assistance Program for all employees and their direct family members

Our Organisation and Culture

At ARTC, we're more than just a rail network. We're a team of dedicated professionals committed to keeping Australia moving forward. Our culture is one of inclusion & collaboration, and continuous improvement. We're focused on growth, not just for our business but for our people and our country.

In everything we do, safety is our top priority. We believe in providing a safe workplace where everyone can thrive. Our commitment to safety is not just a statement; it's a fundamental part of who we are and enables us to best serve our customers and communities.

Our people are at the heart of our success. We value their expertise, their passion, and their dedication. We invest in their development and empower them to make a difference. Together, we are building a future where rail is the preferred mode of transport, contributing to a cleaner, safer, and more sustainable Australia.

Join us at ARTC and be a part of a team that's shaping the future of transport in Australia.

We're proud to be an equal opportunity employer and encourage applications from people of Aboriginal and Torres Strait Islander descent.

Apply Now

Join the exciting future of rail today and find a career for life.

As part of the application process, you'll be required to undergo pre-employment criminal history, reference, and medical checks, including drug and alcohol testing.

Applications close: 11 October 2025

Note: ARTC reserve the right to progress applications prior to the closing date.