Senior Security Analyst

Description
Senior Security Analyst
Alvarez & Marsal is a leading independent global professional services firm, specializing in providing turnaround management, performance improvement and corporate advisory services.  With more than 10,000+ professionals based in locations across North America, Europe, Asia and Latin America, we have recently expanded to Australia with offices in Sydney, Melbourne and Perth.

Our Sydney office has a newly created role for a Senior Security Analyst to join our A&M Australian team. You will report to the Governance Risk & Compliance Lead? in the UK managing and enhancing our third-party risk management program. You will be responsible for assessing, monitoring, and mitigating risks associated with third-party vendors, ensuring compliance with regulatory requirements and internal security policies.

You will be able to work autonomously and with global teams; that are experienced operators, world-class consultants, former regulators and industry authorities with a shared commitment to telling clients what's really needed for turning change into a strategic business asset, managing risk and unlocking value at every stage of growth.

What you will be doing:

• Third-Party Risk Management
• Vendor Assessment & Monitoring
• Client Security Questionnaires
• Governance & Compliance
• Client and Vendor Contract Reviews
• Risk Reporting & Communication.

What you will need:
Education & Experience:

• Bachelor's degree in Information Security, Risk Management, Business, or related field. Advanced degree preferred.
• Industry recognized certification in security (e.g., CRISC (Certified in Risk and Information Systems Control), CTPRP (Certified Third-Party Risk Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
• 5+ years of experience in GRC, third-party risk management, or information security.
• Experience in conducting vendor risk assessments and audits.
• Experience in managing and completing client security questionnaires.

Technical Skills:

• Familiarity with third-party risk management tools and platforms (OneTrust, OnSpring, Responsive, BitSight etc.)
• Good understanding of security frameworks such as ISO 27001, NIST, and the Essential Eight Strategies to mitigate cybersecurity incidents.
• Knowledge of regulatory requirements (e.g., Australian Privacy Act, Consumer Data Right, NDB scheme).

Soft Skills:

• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills.
• Ability to work collaboratively with cross-functional teams.
• Detail-oriented with the ability to manage multiple tasks simultaneously

As we are rapidly growing there is opportunity for growth and learning within A&M, we are friendly, approachable and passionate about our work, customers and teams – if this is you, apply to A&M today

Inclusive Diversity

A&M's entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity, and we foster inclusiveness, encouraging everyone to bring their whole self to work each day. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.

Equal Opportunity Employer

It is Alvarez & Marsal's practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, family medical history, genetic information or other protected medical condition, political affiliation, or any other characteristic protected by and in accordance with applicable laws. Employees and Applicants can find A&M policy statements and additional information by region here.

Unsolicited Resumes from Third-Party Recruiters

Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.