Role Overview

An opportunity exists for an experienced Information Security Analyst to join the Cyber Security Assurance team on a 12-month contract. This role focuses on assessing and improving the security posture of systems, applications, and services across a complex enterprise environment.
The successful candidate will perform proactive risk assessments, support remediation activities, and contribute to continuous improvement initiatives that enhance cyber resilience. The role also involves helping to align security practices and controls across multiple technology environments, including SaaS platforms, cloud services, and enterprise systems.

Location: Melbourne
Hybrid working : 2 days in the office

Key Responsibilities

• Conduct proactive security risk assessments of systems, applications, and services.
• Complete audit and compliance questionnaires from 3 party vendors
• Identify vulnerabilities, evaluate countermeasures, and recommend pragmatic mitigation strategies.
• Perform security reviews against current control sets and leading industry standards (ISO 27001, ASD Essential 8, PCI DSS, ISM).
• Coordinate remediation activities with stakeholders and track progress to closure.
• Support compliance with internal policies and external standards.
• Contribute to the continuous improvement of security controls, processes, and documentation.
• Develop clear, actionable reports and communicate findings to both technical and non-technical audiences.
• Assist with day-to-day assurance tasks and small change/project reviews.

Additional Responsibilities:

• Conduct User Access Reviews and Work-from-Overseas requests.
• Review RPA (Robotic Process Automation) processes.
• Perform third-party supplier security assessments and respond to customer assurance questionnaires.
• Review SaaS solutions and support ESAR (Enterprise Security Assurance Review) processes.
• Maintain and update Cyber Assurance documentation in Confluence.
• Track, follow up, and manage reported security deviations through to resolution.

Required Skills & Experience

• Experience as an assessor, or experienced within an assurance role within an enterprise or service provider environment.
• Strong understanding of cloud hosting models (SaaS, PaaS, IaaS) and leading platforms such as AWS and Azure.
• Working knowledge of security standards and frameworks (ISO 27001, ASD Essential 8).
• Solid understanding of application development, solution integration, and risk management concepts.
• Proven ability to write concise, high-quality reports and present findings to varied audiences.
• Experience collaborating with stakeholders, service providers, and distributed teams.

Desirable Skills

• Familiarity with frameworks such as ISO 31000, PCI DSS, SOCI, and the ISM.
• Strong analytical, problem-solving, and communication skills.
• Ability to quickly understand new environments and adapt to changing priorities.

Qualifications

• Tertiary qualification in IT, Computer Science, Cyber Security, Risk Management, or a related discipline (desirable).
• Industry certifications such as CISSP, CISM, CRISC, or CISA are advantageous.
• Must be an Australian Citizen, clearance would be beneficial