Cyber Security GRC Analyst

14 hours ago


Melbourne, Victoria, Australia ReadyTech Group Full time $120,000 - $180,000 per year

About us:

Making a meaningful difference with mission-critical software that empowers communities to thrive.

ReadyTech is more than just a one-trick pony playing in one market with one product, or one customer. We re-imagine, design, develop and deliver technology to solve our customers' diverse problems – supporting multiple businesses across a variety of markets to be ready for anything.

We're an ASX-listed company which means we are stable, have a strong track record of sustainable growth and have a significant number of long-term customers. So, what does this mean for you? It means we can offer you an experience that will push you to be your best, provide career-building challenges, and that will offer you numerous growth opportunities that can't be found in any other company.

It's an inclusive environment where there is no place for politics, where we get our heads together to solve the problems that really matter to our customers, and where we always stay focused on our north star – the communities we serve, and society at large.

The key accountabilities of the role:

  • Lead the implementation and continuous improvement of ReadyTech's cyber security GRC framework aligned with IRAP, SOC 2, and ISO 27001 standards.
  • Coordinate and manage external audits and assessments, ensuring audit readiness, evidence collection, and timely remediation of findings.
  • Maintain and oversee the cyber risk register, including risk identification, analysis, treatment, and ongoing monitoring.
  • Develop, update, and maintain information security policies, procedures, standards, and guidelines that reflect compliance requirements under IRAP, ISM, SOC 2, and related frameworks.
  • Report and communicate cyber performance, compliance status, and risk indicators to executive and governance forums.
  • Support the integration of compliance controls into IT and cloud environments to ensure secure-by-design operations.
  • Promote a strong security and compliance culture through collaboration, education, and awareness initiatives across the business.

The key responsibilities of the role:

Governance & Policy

  • Develop, maintain, and align ReadyTech's information security policies and control library with ISM, IRAP, SOC 2, ISO 27001, and NIST frameworks.
  • Map control requirements across frameworks to reduce duplication and simplify compliance activities.
  • Ensure all policies and standards are reviewed, approved, and communicated to relevant stakeholders.

Risk & Compliance Management

  • Manage the cyber risk management process, including assessment, documentation, and reporting of risks.
  • Lead compliance activities to maintain certification and attestation under IRAP and SOC 2.
  • Support the creation and maintenance of System Security Plans (SSP), Security Plans and Risk Registers, and Plans of Action and Milestones (POA&M) for IRAP.
  • Manage vendor and third-party risk assessment programs to ensure compliance with regulatory and contractual obligations.

Audit & Assurance

  • Coordinate and facilitate IRAP, ISO assessments and SOC 2 audits, including evidence collection, gap analysis, remediation tracking, and reporting.
  • Maintain detailed audit logs and assurance documentation to support external review and internal reporting.
  • Conduct internal control testing and assurance reviews to assess compliance effectiveness and identify improvement opportunities.

Awareness & Culture

  • Champion a strong security and compliance culture across ReadyTech.
  • Deliver targeted training and communication to increase awareness of regulatory and framework requirements.
  • Support teams in embedding compliance controls within business processes, development pipelines, and infrastructure management.

The key requirements for the role:

Skills

  • Strong analytical, communication, and presentation skills.
  • Ability to translate technical risks and controls into business-relevant language.
  • Exceptional organizational and time management skills with a focus on meeting compliance deadlines.
  • Demonstrated initiative, accountability, and stakeholder management across technical and non-technical teams.

Knowledge

  • Deep understanding of security and risk frameworks, including:
      • IRAP, ASD ISM, and PSPF
      • SOC 2 Trust Services Criteria
      • ISO 27001/27002, NIST CSF, and ITIL
  • Familiarity with GRC tools and platforms.
  • Understanding of cloud and SaaS architectures, especially within Microsoft Azure environments.
  • Awareness of relevant data privacy and protection regulations.

Experience

  • Minimum 4+ years in information security, with 2+ years in a GRC, compliance, or audit coordination role.
  • Demonstrated experience coordinating external audits or assessments (IRAP, SOC 2, ISO 27001, or FedRAMP).
  • Proven experience in managing audit evidence, remediation, and control effectiveness testing.
  • Background in systems administration or cloud infrastructure preferred, to bridge operational and compliance considerations.
  • Experience developing and maintaining documentation such as SSPs, POA&Ms, and audit reports.

Performance Indicators

  • Successful completion and maintenance of IRAP and SOC 2 compliance with minimal findings.
  • On-time completion of audit and assessment milestones.
  • Measurable improvement in compliance maturity and risk reduction.
  • Effective communication of compliance and risk status to executive leadership.
  • Increased staff awareness and adherence to compliance obligations.

Why you should become a ReadyTecher:

  • A day off for your birthday - hip hip hooray
  • Additional 4 days of leave each year
  • ReadyTecher Awards each quarter with the chance to win flights and accommodation to Hamilton Island
  • Hybrid work, with in-house baristas in Australia via the Ready Beans team
  • Access to Sonder - a technology-driven platform supported by safety, medical and mental health experts - available 24/7
  • Paid parental leave
  • Additional paid leave for miscarriage, endometriosis and menopause
  • Volunteer leave
  • Flu vaccinations
  • And plenty of ReadyTech merch drops along the way

ReadyTech is committed to seeing things through each other's eyes. We invest deeply in relationships by offering positivity, fairness and empathy in every interaction and love that everyone is different. We're proud to be an equal opportunity employer that celebrates our diversity of race, beliefs, sexual orientations, gender identities, age, disability status, marital status and more - so that every single one of us can feel like we belong.

As part of our commitment to ensuring a safe and secure working environment for all employees and in compliance with Australian regulations, please note that if selected for this role, you will be required to complete a comprehensive police check and an Australian working rights check. Should you have any questions or concerns regarding these requirements, please feel free to contact us.

So, if you are ready for anything, please apply today. Please note that if your application is progressed to the next stage, we will send you some testing to complete as part of your application, as we have found this helps us to quickly identify potential ReadyTechers.

Full-time

Job no: IXAJ50579

Location: Melbourne, Sydney, Launceston

Closing Date: Wednesday, 17 December 2025


