
Senior GRC Consultant
Cybertify
Posted 1 day ago
Job Title: Senior GRC Consultant
Location: Sydney (Hybrid – minimum 3 days onsite)
Type: Full-time
Salary: $140,000–$200,000
Join Australia's Premier Compliance-First Cybersecurity Firm: Cybertify
Cybertify is Australia’s trusted compliance-first cybersecurity consulting firm. We serve clients across the most highly regulated and risk-sensitive sectors, including legal, financial services and fintech, healthcare, education, government, critical infrastructure, SaaS, and private clients. Our brand is built on precision, accountability, and execution.
We believe that robust security, strong governance, and unwavering regulatory compliance are non-negotiable. As we grow, we are seeking a Senior GRC Consultant to lead the delivery of advisory services across key cybersecurity frameworks and regulatory obligations.
Your Role
This is a senior delivery role for a GRC practitioner who thrives in fast-paced, high-trust client engagements. You will manage GRC assessments, lead audits, run workshops, and deliver complex advisory projects with professionalism, speed, and minimal oversight.
Key Delivery Areas
Framework Advisory & Alignment
Essential Eight Alignment
ISO 27001 Certification Readiness & Uplift
ISO 27001:2022 Transition Advisory
SOC 2 Readiness & Advisory
CIS Controls (v8) Alignment
NIST Cybersecurity Framework (CSF) Alignment
Security Control Maturity Roadmapping
SMB1001:2025 Alignment
Compliance & Regulatory Advisory
APRA CPS 234 Compliance Advisory
APRA CPS 232 (Business Continuity)
APRA CPS 231 (Outsourcing/Third Parties)
Privacy Act Compliance & Readiness
PCI DSS Gap Assessments
IRAP Assessment Readiness
HIPAA Compliance & Readiness
My Health Record Rule 42 Advisory
AESCSF Compliance & Maturity Uplift
NSW Cyber 25 Compliance
EU NIS2 Readiness
NIST SP 800-53 Readiness
Assurance & Audit Support
Board-Level Cyber Risk Reporting
Audit & Regulator Response Support
Statement of Applicability (SoA) Reviews
ASAE 3402 Readiness
GS 007 Assurance Support
SOC 1 Readiness for Financial Reporting Environments
Key Responsibilities
Framework Advisory & Compliance Delivery
Lead delivery of GRC, compliance, and assurance projects across the above areas
Conduct cyber health checks, risk profiling, gap assessments, maturity evaluations, and strategic roadmaps
Deliver vCISO retainers, third-party risk reviews, business continuity advisory, and policy uplift projects
Translate obligations into structured, actionable, and audit-ready deliverables
Support development and uplift of policies, registers, and governance documentation
Draft board-level documentation, audit-ready reports, risk registers, and compliance summaries
Present recommendations clearly to executive stakeholders, boards, and regulators
Manage deadlines, communicate dependencies, and maintain professional standards at every stage
Client Management & Delivery Execution
Run client meetings (virtual, on-site, or at our Sydney office) and lead all technical advisory engagements
Present reports and recommendations to CISOs, boards, legal teams, and auditors
Ensure accountability on deadlines, communications, and scope control
Escalate risks and blockers early to maintain delivery momentum
Documentation & Reporting
Draft gap reports, risk registers, compliance plans, and SoA reviews
Prepare audit-ready deliverables for APRA, board, and regulator response requirements
Maintain version-controlled records of all assessments and advisory documentation
Collaboration & Sales Support
Provide expert input during pre-sales scoping and technical discussions
Ensure engagement scopes are accurate, deliverable, and aligned with client expectations
Contribute to the continuous improvement of frameworks, templates, and delivery playbooks
Role Requirements
Experience
Minimum 5+ years in cybersecurity GRC consulting
Strong experience across ISO 27001, NIST CSF, Essential Eight, SOC 2, and CPS 234
Exposure to financial services, healthcare, or legal-sector clients highly regarded
Proven ability to lead client-facing advisory engagements from end to end
Technical & Compliance Capability
Deep understanding of core frameworks and obligations
Confident delivering risk assessments, maturity roadmaps, compliance mapping, and policy development
Experience with audit support, gap analysis, and preparing board-ready deliverables
Communication & Professionalism
Able to manage multiple concurrent projects while maintaining quality and composure
Structured, professional communicator with excellent writing skills
Comfortable presenting to CISOs, legal teams, and auditors
Maintains composure and authority across all interactions and client settings
Tools & Delivery Discipline
Proficient in Microsoft 365 (Word, Excel, PowerPoint, Teams)
Familiarity with HubSpot or equivalent CRM for tracking project notes
Strong grasp of compliance tools, risk registers, and audit frameworks
Maintains clear documentation, version control, and audit readiness standards
Required Certifications
Must-Have
ISO 27001 Lead Implementer or Lead Auditor
CISSP, CISM, or CISA
CompTIA Security+ or CySA+
PCI-QSA
Nice to Have
Microsoft SC-100 / SC-400 / SC-900
AWS Certified Security – Specialty
IRAP Assessor experience
BTL1/BTL2 (Blue Team Level)
Home Office & Connectivity
Reliable high-speed internet with ≤ 70ms latency
Dedicated, quiet, professional home office suitable for executive video calls
Must attend Sydney CBD office minimum 3 days per week
Performance Metrics
Timely delivery of gap assessments, reports, and frameworks
Quality and audit-readiness of documentation
Client satisfaction and repeat engagement rate
On-time completion of advisory retainers
Responsiveness to client communications
Completion rate of vCISO and GRC retainers
Contribution to templates, playbooks, and delivery quality
How to Apply
Submit your resume and a cover letter via Seek explaining why you’re the perfect fit for this role.