Head of Cybersecurity GRC

At Triskele Labs, we believe cybersecurity should be built on practical experience, not just theory. We work with organisations to improve their cyber maturity through realistic, evidence-based advisory services that align with risk, regulation, and business priorities.

We are now seeking a Head of Cybersecurity GRC to lead and grow our Governance, Risk and Compliance team. This is a senior leadership role with end-to-end ownership of people, process, pipeline, and profit across our GRC services. It is ideal for someone who thrives on team leadership, service design, commercial performance, and delivering trusted advice at the executive and board level.

This role is hybrid, requiring at least two days per week in our Melbourne office. It will involve occasional on-site time with key clients and regular interaction with Triskele Labs' broader leadership team.

About the Role

As the Head of Cybersecurity GRC, you will be responsible for leading the day-to-day operations and strategic direction of the GRC practice. You will manage a team of consultants across multiple levels, ensuring high quality, consistent delivery, while also owning commercial targets and forecasting.

This role is approximately 80 percent focused on management and leadership, with 20 percent delivery involvement in key or complex client engagements. You will be accountable for overseeing GRC projects, managing team utilisation, contributing to presales and proposals, driving service innovation, and representing the practice in client forums and internal leadership meetings.

Requirements

We are looking for a proven leader with strong GRC domain experience, a passion for high-quality delivery, and the ability to grow and mentor a high-performing team. You will be commercially minded, comfortable managing business performance, and experienced in engaging directly with C-level stakeholders and boards.

You will be successful in this role if you have:

• Significant experience in cybersecurity GRC, including team leadership and consulting delivery
• Deep knowledge of frameworks such as ISO 27001, NIST CSF, and the Essential Eight, with the ability to translate them into practical outcomes
• Prior experience managing a consulting P&L, including forecasting, utilisation, and performance tracking
• Demonstrated ability to build and lead a team, implement scalable processes, and maintain a high standard of delivery
• Strong commercial acumen and the ability to scope, price, and deliver services that meet client expectations
• Exceptional stakeholder engagement skills, particularly with executive leadership and board members
• A mindset focused on continuous improvement, client success, and team development
• The ability to balance strategic thinking with hands-on support where required

Key Responsibilities

• Lead and manage the GRC consulting team, including performance management, mentoring, career development, and capacity planning
• Own the operational delivery of GRC services including ISO 27001, risk assessments, ISMS programs, cyber maturity reviews, board reporting and security governance frameworks
• Develop and manage team processes and service delivery standards to ensure consistency, quality, and scalability
• Maintain visibility of ongoing project work, stepping into client engagements where needed to support delivery or act as an escalation point
• Attend and present at board meetings, risk committees, and senior stakeholder forums, translating cyber risk into business terms
• Take ownership of forecasting, pipeline management, team utilisation, and P&L performance for the GRC practice
• Scope and price engagements in collaboration with the sales team, ensuring a balance between client value and delivery feasibility
• Support pre-sales activities including proposals, discovery sessions, and presentations to prospective clients
• Contribute to service development and strategic planning as part of the Triskele Labs senior leadership group
• Collaborate closely with leaders across Detection and Response, Offensive Security, and Incident Response to deliver integrated, high-value outcomes for clients
• Sit on the Triskele Labs Leadership Team to own overall strategic direction of the GRC team

Benefits

Why Join Triskele Labs

Triskele Labs is a leading Australian cybersecurity provider offering services across Advisory, Offensive Security, Managed Detection and Response, and Digital Forensics. We work with clients who value expertise, transparency, and outcomes over buzzwords and checklists.

This is a rare opportunity to take full ownership of a growing GRC function within a highly respected security consultancy. You will have the backing of an experienced executive team, the ability to shape your practice, and the support to build a team around your vision.

If you're looking to lead a GRC function with real impact, visibility, and autonomy, we'd love to hear from you. Please include a cover letter addressed to Rob Barry, Chief Operations Officer with your application, as applications without a cover letter will not be considered.

Working Arrangements:

The role is full time, Monday to Friday in our Collins St Melbourne Office, with Hybrid working arrangements.