Information Security Grc Analyst

Posted: 29/04/2025

Closing Date: 29/05/2025

Job Type: Contract

Location: Head Office - Collingwood

Job Category: Banking and Financial Services

Do you want to be part of using the business of banking as a force for good? Do you want to create positive impact for people and the planet? Bank Australia is the bank for people who want to be part of a movement creating a fairer and more just world.

We're growing fast as more people choose to align their banking with their values. We're a customer owned, B Corp certified bank. We empower our staff and 185,000+ customers to be part of the clean money movement.

We currently have an exciting opportunity for an Information Security Governance, Risk and Compliance Analyst to support Bank Australia cyber security assurance and risk management processes across the organisation. As a key member of the security, you will have the opportunity to contribute towards the establishment and maintenance of a well-structured and mature security environment.

You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance. Additionally, you will manage cyber security policies and standards, ensure they are periodically updated and aligned them with the overall Bank Australia Information Security Policy framework.

**Why join us**
- We have big plans to become Australia's most trusted bank and a leading purpose-driven business.
- As a certified B Corp, we're part of a global business community who meet the highest social and environmental standards, putting purpose over profit.
- Every role and person in our bank is essential to bringing our values, purpose and aspiration to life.
- We offer flexible working options, competitive salary and 13% super.
- Our staff have access to a range of meaningful benefits to support their physical and mental wellbeing including 24/7 free counselling, free flu vaccinations and discounted gym memberships.
- We also support staff with study assistance, paid parental leave (regardless of gender), volunteer, bereavement, gender affirmation and family violence leave; and the opportunity for bonus annual leave.
- We support our staff to grow their careers through learning and development and an organisational culture where we reward and recognise innovation and values, not long hours.
- We are committed to building an inclusive culture and a diverse workforce that reflects the Australian community.
- We care for a conservation reserve - where we work with key partner organisations to protect threatened species and involve staff in conservation.

**What you will be doing**
- Assist with maintaining the Bank Australia Information Security Framework in alignment with legal and regulatory requirements.
- Contribute to regulatory compliance including APRA CPS234.
- Support the organisation in ensuring compliance with security policies and standards.
- Support in maintaining the Information Security Risk Register.
- Perform information security control tests for design and effectiveness and security controls are implemented and tested in alignment with Bank Australia's information security policies and standards.
- Support tracking, remediation and closure of audit and assurance activities.
- Contribute to governance, risk and compliance information security reporting.
- Conduct third party risk assessment including maintaining the third-party register, third party assessments and third-party reporting.
- Identify and appropriately document security risks and issues.
- Build strong relationships with internal and external stakeholders support information security risk management process.
- Consult as the technical expert with stakeholders to deliver outcomes that satisfy Bank Australia's business needs.

**What you will bring**
- Understands, communicates and personally lives the Bank Australia values and contributes in an active, positive and influential way to optimising the culture of the organisation.
- One or more related certifications such as CISSP, CEH, CISA, CISM.
- Solid knowledge of information security principles and practices.
- Extensive experience in a combination of information security risk management, compliance, governance and IT Audit.
- Experience in performing information security audits and control assurance activities across security controls.
- Understanding of security risk and information security vulnerabilities.
- Understanding of cyber security standards NIST Cyber Security Framework, ISO27001, PCI DSS would be an advantage.
- Knowledge of contemporary information security management trends, tools, practices and concepts.
- Understanding of APRA Prudential Standards relating to cyber security.
- Knowledge of Cyber Security Infrastructure technologies, best practices and broad knowledge of network security concepts.
- An understanding with third party risk management.
- An understanding of security technologies that are commonly used to detect