Information Security Governance, Risk and Compliance Specialist

2 days ago


Sydney, New South Wales, Australia | SG Fleet AU | Full time | $80,000 - $120,000 per year

Who We Are
We are a financial services company that specialises in fleet management, vehicle leasing and salary packaging, with a presence across Australia, the UK and NZ. We have a total portfolio under management of $2.5 billion and over 1200 employees.

OUR CULTURE
When adding a new member to the SG Fleet Group family, we look for people who embody our values, allowing us to provide an unparalleled customer experience. You will have the opportunity to thrive in a positive and fun atmosphere where everyone is valued and recognised for their efforts, whilst being a part of an amazing team.

SOME OF OUR PERKS INCLUDE

  • Recharge and relax with up to four extra days of leave each year. We call them Wellness days
  • We offer industry-leading 20 weeks of paid parental leave
  • Save plenty with vehicle salary packaging
  • Monetary service milestone awards
  • Recruitment referral bonus
  • Discounted mobility products and services
  • Flexible work arrangements
  • Career progression opportunities
  • Education support towards your growth, including an individual learning budget per year, free access to LinkedIn Learning and more
  • Two paid volunteer days each year to give back to causes that matter to you
  • Health and wellbeing support including

*AS AN INFORMATION SECURITY GOVERNANCE, RISK AND COMPLIANCE SPECIALIST*
The major responsibilities of this position include but are not limited to:

  • Implement, maintain and mature information security policies and procedures in accordance with ISO27001 and NIST standards.
  • Assist with information security awareness training initiatives across the group.
  • Assist in the maintenance and continual improvement of the Information Security Management System (ISMS), including the monitoring and reporting on the effectiveness of security controls and compliance efforts.
  • Conduct vendor and solution risk assessments or gap analyses to identify areas of improvement in our security posture, including supply chains.
  • Collaborate with cross-functional teams to ensure compliance with security standards and regulatory requirements, as well as provide guidance on the implementation of security controls (technical and non-technical) and best practices.
  • Assist with any internal compliance and privacy audits and prepare for external audits, including ISO27001.
  • Review penetration tests and vulnerability results and assist with the prioritization of resolution efforts based on technical and non-technical risk factors. Track the remediation of identified vulnerabilities, ensuring timely and effective resolution.
  • Assist with data governance activities including classification and archival.
  • Stay up to date with the latest developments in security standards and regulatory requirements.

*Essential*

  • Proven experience in GRC roles with a focus on ISO27001 or standards.
  • Strong understanding of information security risk management principles and methodologies, particularly in supply chains.
  • Information security technical concepts regarding confidentiality, integrity and availability.
  • Excellent analytical, problem-solving, and communication skills.
  • Ability to work independently to achieve goals.
  • Ability to negotiate security tasks with different teams.
  • Detail-oriented with a commitment to maintaining high standards of quality and accuracy.

WHAT'S NEXT
We'd love to hear from you if you're ready to take on your next challenge at a company that embodies diversity and belonging while also offering work-life balance and career development.

We are a proud equal opportunity employer, and welcome everyone to our team. Resumes may be sent and interviews may take place prior to closure date for applications. To give yourself the best chance of selection, please do not leave your application to the application 'close' date. As a pre-requisite to employment, the successful applicant will be required to complete a pre-employment screening.

Aboriginal and Torres Strait Islander candidates are encouraged to apply.


