
Cyber Security Risk Specialist
Zenith Search
Posted 8 days ago
About the Role
As the Cyber Security Risk Specialist, you will be instrumental in embedding cybersecurity risk practices into day-to-day operations across a large and diverse environment. Under broad direction, you'll take ownership of cyber risk assurance activities, support technology audits, and drive the remediation of risk issues to support a mature, enterprise-wide IT risk management framework.
This is a pure cyber risk role - suited to candidates with experience in professional services, internal/external audit, policy governance, and third-party/vendor risk assessments. You'll partner closely with project and technical teams to assess proposed changes, influence strategic decisions, and uphold cyber resilience.
Key Responsibilities
Deliver and coordinate an annual cyber security assurance program to measure compliance and identify risk.
Manage internal and external audit and accreditation activities (e.g. DISP, ISO27001).
Conduct cyber risk assessments across projects, platforms, cloud environments, and third-party services.
Lead and monitor the remediation of risk and control issues, audit findings, and compliance gaps.
Engage with risk owners across the business to support fact-based risk decisions.
Contribute to the development and ongoing support of secure, accredited environments.
Provide high-quality reporting on risk posture, metrics, and security governance activities.
Assist in the ongoing development and implementation of cybersecurity policies and risk frameworks.
Support security governance bodies, such as steering committees and working groups.
About You
You're a driven cyber risk professional who blends strong technical understanding with business acumen. With a background in risk consulting, governance, or audit (ideally within a professional services or complex enterprise environment), you're confident navigating competing priorities and engaging with stakeholders at all levels.
What You'll Bring
Relevant tertiary qualifications or equivalent demonstrated competency.
Substantial experience in cybersecurity risk management, IT audit, or compliance.
Deep understanding of security risk, controls, threats, and technologies across cloud, infrastructure, and application environments.
Strong familiarity with risk frameworks such as ISO/IEC 27001, NIST, and COBIT.
Hands-on experience with risk assessments, policy management, and third-party/vendor risk.
Industry certifications such as CRISC, CISM, CISSP, or ISO27001 Lead Implementer are highly regarded.
Strong interpersonal and communication skills - able to engage with both technical and non-technical audiences.
Exceptional organisational skills and a proactive, solutions-focused mindset.
Working Arrangement
Enjoy a flexible hybrid working model with 3 days WFH and in-office attendance on Tuesdays and Thursdays, fostering both collaboration and work-life balance.