Cyber Assurance

Company Description
One purpose, one practice
We are public purpose sector specialists who support governments and their agencies, and not-for-profit organisations, to deliver services to Australians, helping to build more resilient, equitable, secure and prosperous communities. We are guided by our values of Stronger Together, Amplify Impact, Build Trusted Relationships, Value Every Person, Think Beyond Limits, and Defined by Ethics.

Skills
Our purpose-driven professionals provide clients with access to the skills, capabilities and expertise to support the delivery of government agendas and public purpose projects, with specialist teams across three national practices:

• Transformation
• Risk, Programs and Cyber
• Commercial, Financial and Infrastructure

Cyber & Tech Risk
The mission of our Cyber & Tech Risk (C&TR) practice is to increase public trust and participation in government digital services; a key driver in improving Australia's productivity, equality, resilience, and prosperity. Our subject matter specialists bring scale and expertise across all phases of cyber transformation covering advisory and assurance, privacy and data governance, digital identity, technology implementation, and ongoing security operations.

Cyber Advisory and Assurance: The home of our Third Party Security Risk Management capability
As a Senior Associate in Third Party Security Risk Management, no two days are the same. You might start your morning reviewing the results of a supplier security questionnaire and mapping them against industry standards, before jumping on a client call to discuss findings from a recent vendor control assessment.

Midday could see you working alongside a Manager or Director to design a more robust third-party risk framework for a large enterprise, followed by mentoring a graduate on how to assess supplier compliance evidence.

In the afternoon, you could be drafting a report that highlights risks and practical recommendations for a client's executive stakeholders, while also contributing ideas to the development of new tools and methodologies within our team.

Throughout the day, you'll balance hands-on delivery with collaboration, problem solving, and continuous learning—all while helping clients strengthen their resilience against third-party cyber risks.

Job Description
The Role and Responsibilities
As a Senior Associate In Our Cyber Assurance Team, Focused On Third Party Security Risk Management, You Will Create Value By

• Delivering third-party risk assessments: Supporting clients in identifying, assessing, and managing security risks associated with vendors, suppliers, and other third parties across the full lifecycle of third-party engagements.
• Advising on frameworks and standards: Applying your knowledge of cyber and risk frameworks (e.g. NIST CSF, ISO27001, CIS18 ISM/PSPF, COBIT) to evaluate third-party risk management programs and recommend practical improvements.
• Supporting assurance and remediation activities: Performing vendor due diligence, control testing, and audit reviews, and working with clients to close security gaps or enhance supplier oversight processes.
• Collaborating on transformation initiatives: Contributing to the design and implementation of third-party risk management operating models, governance structures, and enabling technologies.
• Coaching and knowledge sharing: Providing guidance and support to junior team members, sharing insights and practical approaches to third-party security challenges.
• Contributing to growth and innovation: Assisting in the development of new methodologies, tools, and service offerings in response to evolving market and regulatory expectations around third-party risk.

Qualifications
About You
As a Senior Associate, technically, you will bring to the position:

• 2+ years' experience in cyber security, technology risk, or third-party risk management, ideally gained through consulting, assurance, or a second line of defence role.
• Familiarity with third-party risk processes (e.g. due diligence, onboarding, assurance reviews, ongoing monitoring, exit/offboarding).
• A working understanding of cybersecurity and IT risk frameworks (e.g. NIST CSF, ISO27k, ISM/PSPF, COBIT) and how they apply to vendor environments.
• Strong analytical and problem-solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure.
• (Desired but not mandatory) Certifications such as CISA, ISO27001 Lead Implementer/Lead Auditor, CISSP, or cloud security certifications (AWS/Microsoft).
• (Mandatory) Ability to obtain an Australian Government security clearance.

Additional Information

• Market leading Parental Leave: Allows either carer to take 26 weeks of leave, flexibly, until a child is two years of age. A six-month minimum service requirement for new starters applies. We also make full superannuation contributions for up to 12 months (including unpaid parental leave).
• Flex working: Our people have the autonomy to choose where and when they work so they can integrate their professional and personal lives, finding the right balance that fuels their growth, wellbeing, engagement and productivity. If it works for them, their teams, and their clients, it works for us.
• Additional leave: a 5th week of paid leave to support rest, wellbeing, and inclusion during our annual summer shutdown also Birthday leave, First Nations Cultural Leave, Floating Public Holidays, Leave+ (purchased leave up to 12 weeks), Study Leave, Volunteering Leave, and more
• Employee share options for every team member, reflecting our commitment to shared success and ownership.
• Smart Device reimbursement: Working flexibly means accessing the information you need on the go. That's why we help pay for your smartphone or tablet, claiming up to $60 a month towards your bill.
• Wellness and Lifestyle benefits: We'll give you $295 a year to spend on items or activities that support your wellness, and up to $205 a year to support your balanced lifestyle.
• Sonder: A digital care platform that empowers people to actively take control of their wellbeing to live well and perform at their best, free to Scyne Employees and their immediate family members.

Interested in working together or want to find out more?
If you too share our purpose of helping governments and their agencies build more resilient, secure, equitable and prosperous communities, then you should apply today.