Cybersecurity Grc Consultant

Overview Triskele Labs are one of the leading providers of cybersecurity services in Australia.
We assist clients to reduce their risk of a cyber compromise through the delivery of risk-considered controls.Triskele Labs are one of the last remaining boutiques in Australia.
We are currently the largest CREST Registered Penetration Testing company in Melbourne and one of the only boutiques to run a 24x7x365 Security Operations Team completely onshore.Are you looking to work in cybersecurity consulting where real impact matters more than ticking boxes?
Triskele Labs is seeking a Cybersecurity GRC Consultant to join our growing Advisory team in Melbourne.In this hybrid client-facing role, you'll work across industries to deliver clear, practical security assessments that help organisations meaningfully reduce risk.
You'll support implementation and uplift efforts aligned to frameworks like ISO 27001, NIST CSF, and the Essential Eight, working closely with both technical and non-technical stakeholders to drive change where it matters most.We're looking for someone who brings both security expertise and a questioning mindset - someone who is comfortable challenging assumptions, validating controls, and helping our clients cut through complexity.
You'll also have the opportunity to collaborate with other internal teams across offensive security, DFIR, and detection and response.If you want to grow your GRC career in a role where the work is valued, varied, and grounded in the real world, this could be the perfect fit.
Responsibilities Conduct cybersecurity risk assessments aligned to ISO 27001, NIST CSF, Essential Eight and related frameworksPerform gap assessments and control maturity reviews for regulatory, compliance, and best-practice purposesSupport the development and implementation of Information Security Management Systems (ISMS)Create board and executive-level reporting to communicate cyber risks and prioritise remediationFacilitate workshops and lead conversations with stakeholders across technical and business functionsWork closely with internal experts in SOC, red teaming, and DFIR to ground recommendations in operational realitiesBuild lasting relationships with clients and support them throughout their cyber maturity journey Experience & Skills 2-4 years of experience in cybersecurity GRC, ideally across multiple sectors or clientsPractical knowledge of ISO 27001, NIST CSF, and Essential EightExperience conducting risk assessments and drafting core security documentation (e.g., risk registers, policies, reports)Strong communication and engagement skills with business and technical audiencesA proactive, consultative approach to understanding and validating control environmentsTechnical awareness of security operations and engineering conceptsWillingness to learn, take initiative, and own deliverables in a collaborative team setting Certifications Required:ISO 27001 Lead Implementor or AuditorOne or more of the following: CISSP, CISM, CISA (or working towards)Preferred:SABSA or CRISCITIL FoundationsAdditional governance or cloud-related security certifications What We Look For Excellent written and verbal communicationStrong attention to detail and structured thinkingAbility to balance autonomy with teamwork in a fast-paced environmentA genuine interest in helping organisations improve their security maturityClient-first mindset with professional integrity KPIs Timely, high-quality delivery of client engagementsPositive stakeholder feedback and repeat client engagementsDevelopment and contribution to internal documentation and toolkits75-80% billable utilisationActive engagement in professional development Reporting Line Reports to: Senior GRC ConsultantWorks with: Advisory team, technical practices, and clientsTeam culture is everything to Triskele Labs and it is the reason we exist.
We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer.
We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.
Benefits Hybrid Flexibility: Work two days per week from our Melbourne CBD office, and remotely the rest of the week (subject to client needs)Varied Client Engagements: Collaborate with organisations of all sizes, across industries and maturity levelsCareer Development: Access ongoing mentorship, structured training pathways, and certification supportReal-World Cybersecurity Exposure: Collaborate with our internal red team, SOC, and incident response units to deepen your practical understandingPeople & Culture: Participate in team events, offsites, and connection initiatives run by our dedicated People & Culture teamIf you've made it this far, there's a good chance you're who we're looking for
At Triskele Labs, we value initiative and attention to detail-so please include a cover letter addressed to Rob Barry, Chief Operating Officer, with your application.
Applications without a cover letter will not be progressed.
Working Arrangements The role is full time, Monday to Friday in our Collins St Melbourne office, with hybrid working arrangements: two days in-office, three days remote (client needs may vary).
Occasional interstate travel may be required.