Senior Governance, Risk and Compliance Advisor

Our Why

Datacom works with organisations and communities across Australia and New Zealand to make a difference in people's lives and help organisations use the power of tech to innovate and grow.

About the Role (your why)

The Senior Governance, Risk and Compliance Advisor plays a critical role in safeguarding the organisation's digital and information assets. This position is responsible for designing, implementing, and assessing the frameworks, policies, and procedures that ensure the organisation remains compliant with cybersecurity standards and regulations, while also proactively managing risks.

What you'll do

As a Senior GRC Advisor, you will play a pivotal role in strengthening Datacom's security governance, risk, and compliance capabilities across Australia and New Zealand. Your responsibilities will include:

• Develop and implement security frameworks: Identify, develop, and implement security processes, standards, and policies that align with Datacom's Information Security Plan and strategic objectives.
• Collaborate across business units: Work closely with internal teams to ensure the consistent application of security controls that meet Datacom and business requirements.
• Regulatory and framework compliance: Ensure adherence to both the Australian Government Information Security Manual (ISM) and Protective Security Policy Framework (PSPF), as well as the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR), across Datacom's internal and client environments.
• Continuous improvement and assurance: Lead ongoing auditing, monitoring, and enhancement of security controls, including the development and maintenance of Threat and Risk Assessments (TRA), System Security Plans (SSP), and Security Risk Management Plans (SRMP).
• ISO 27001 and ISMS maturity: Apply your deep knowledge of the ISO/IEC 27000 series to support the design, implementation, and continual improvement of our Information Security Management System (ISMS).
• Essential 8 compliance: Lead and maintain organisational compliance with the Australian Cyber Security Centre (ACSC) Essential 8 maturity model, ensuring effective implementation, measurement, and uplift of mitigation strategies across Datacom's environments.
• SOC 2 Type 2 compliance: Oversee and coordinate activities to maintain SOC 2 Type 2 certification, including evidence collection, control testing, audit readiness, and continuous improvement of internal security and privacy controls.
• GRC tooling and automation: Leverage and optimise GRC tooling, preferably Vanta, to automate evidence collection, track control performance, and manage risk and compliance workflows efficiently.
• Security awareness and enablement: Provide guidance, education, and training to improve understanding of security policies, processes, and technologies across teams, fostering a strong culture of compliance and accountability.

What you'll bring

• Extensive experience in information security, audit, assurance, governance, risk or compliance and a sound understanding of information security principles, polices and standards
• Previous experience with stakeholder engagement with a strategic and strategy focus
• Experience with and good understanding of IRAP
• The GRC Advisor must have a detailed knowledge of agency-specific and Australian Government protective security policy, principles, and minimum standards, and be provided with opportunity to maintain this knowledge
• Understanding of contract deliverables and obligations
• Some technical knowledge to make informed decisions about business risks from vulnerabilities
• Ideally, you will be industry certified and may even hold a CISSP, CISM, MS or equivalent certifications.
• Experience in developing and administering an information security program (desirable).

Why join us here at Datacom?

Datacom is one of Australia and New Zealand's largest suppliers of Information Technology professional services. We have managed to maintain a dynamic, agile, small business feel that is often diluted in larger organisations of our size. It's our people that give Datacom its unique culture and energy that you can feel from the moment you meet with us.

We care about our people and provide a range of perks such as social events, chill-out spaces, remote working, flexi-hours and professional development courses to name a few. You'll have the opportunity to learn, develop your career, connect and bring your true self to work. You will be recognised and valued for your contributions and be able to do your work in a collegial, flat-structured environment. We operate at the forefront of technology to help Australia and New Zealand's largest enterprise organisations explore possibilities and solve their greatest challenges, so you will never run out of interesting new challenges and opportunities.

We want Datacom to be an inclusive and welcoming workplace for everyone and take pride in the steps we have taken and continue to take to make our environment fun and friendly, and our people feel supported.