As a GRC Consultant, you will play a pivotal role in assessing and documenting our client's compliance and risk posture relating to its information assets. Your day-to-day responsibilities will include implementing security controls, evaluating risks, developing standards, automating processes for continuous monitoring of information security controls, among others.

GRC Consultant

Melbourne based | Contract

What you'll do:
As a GRC Consultant, you will play a pivotal role in assessing and documenting our client's compliance and risk posture relating to its information assets. Your day-to-day responsibilities will include implementing security controls, evaluating risks, developing standards, automating processes for continuous monitoring of information security controls, among others. You will also be responsible for maintaining various types of risk assessments while reporting any control failures or gaps to management. Your role will extend beyond these tasks as you assist other staff members with the management of security program functions while also acting as a resource on security assessment functions for other business units.

• Implement security controls, risk assessment framework, and assurance program aligning to regulatory requirements.
• Evaluate security risks and controls, develop security standards and procedures to manage risks.
• Implement processes such as GRC (governance, risk and compliance) to automate and continuously monitor information security controls.
• Define and document business process responsibilities and ownership of the controls in GRC tool.
• Perform internal and external information security risk assessments.
• Maintain Risk Assessments, Third-party Risk Assessments and Privacy Impact Assessments.
• Document and report control failures and gaps to management.
• Assist other staff in the management and oversight of security program functions.
• Train, guide, and act as a resource on security assessment functions to other business units.
• Remain current on best practices and technological advancements.

What you bring:
The ideal candidate for the GRC Consultant role brings a wealth of experience along with formal qualifications in Business Management or Information Technology Management. You have spent over five years implementing, managing, and reviewing internal security controls for governance, compliance, and quality. Your track record includes performing audits in accordance with professional standards and you are highly proficient in audit methodologies, especially those applicable in IT environments. Your expertise extends to designing and implementing compliance and control frameworks, including business process reengineering. You are an expert in IT governance quality and security standards and have a knack for writing high-quality documentation and reports.

• Formal qualifications in Business Management, Information Technology Management or related field.
• Relevant experience in implementing, managing, reviewing internal security controls for governance.
• Track record of performing internal or external audits (financial/operational/IT) in accordance with relevant professional standards.
• Highly proficient in audit methodologies applicable in IT environments.
• Expertise in designing and implementing compliance and control frameworks including business process reengineering.
• Expert knowledge of IT governance quality and security standards.
• Experience writing high-quality documentation and reports.
• Excellent comprehension of internal controls requirements and implications.

Aboriginal and Torres Strait Islander Peoples are encouraged to apply.

To apply please click apply or call Jack North on 61 3 8628 2165 for a confidential discussion.