We’re partnering with a respected Queensland organisation to engage a Cyber Security Officer with strong GRC capability for a 6 month fixed term contract. This role is ideal for someone who thrives in structured frameworks, enjoys cross business engagement, and wants to contribute to a mature and evolving cyber security program.
You’ll work closely with the Cyber Security GRC Manager and CISO, supporting the operational delivery of key governance, risk, compliance, and assurance activities.
Why this role matters
You’ll play a central role in maintaining ISO27001 certification, uplifting Essential Eight maturity, strengthening governance processes, and ensuring the organisation remains audit ready. This is hands on, meaningful work that directly contributes to organisational resilience.
What you’ll be doing
ISMS & ISO27001
- Maintain and enhance the ISMS aligned to ISO27001:2022
- Update policies, standards, procedures, and registers
- Prepare evidence for internal/external audits and surveillance assessments
- Monitor control implementation and support continuous improvement
- Conduct cyber risk assessments across systems and business units
- Maintain the cyber risk register and track treatment plans
- Provide guidance to project teams and system owners
- Coordinate internal and external audit activities
- Support control testing, remediation tracking, and closure validation
- Ensure artefacts, logs, and records remain audit ready
- Contribute to awareness campaigns, phishing simulations, and targeted training
- Support engagement activities to uplift security culture
- Conduct supplier security assessments and review evidence
- Identify gaps, document findings, and support risk mitigation
- Maintain supplier risk records and ongoing monitoring
- Prepare governance reports, dashboards, and metrics
- Track performance, risks, controls, and assurance activities
- Provide timely updates to leadership and governance forums
What you’ll bring
Essential
- Strong understanding of ISO27001, ISO31000, ASD ISM, and Essential Eight
- Experience maintaining cyber security documentation and ISMS artefacts
- Hands on experience with internal/external audits and evidence preparation
- Ability to conduct cyber risk assessments and maintain risk registers
- Experience with supplier security assessments and third party assurance
- Strong written and verbal communication skills
- Ability to translate technical concepts into business friendly language
- Solid understanding of common IT and cyber controls
- Excellent organisation, documentation, and stakeholder engagement skills
- ISO27001 Lead Implementer or Lead Auditor
- CISA, CISM, or CRISC
- PCI DSS experience
Who you are
You’re proactive, organised, and comfortable working across multiple stakeholders. You enjoy structure, documentation, and frameworks, and you bring a calm, systematic approach to governance and uplift activities.
Interested?
If you’re looking for a meaningful GRC role where your work directly contributes to certification, assurance, and uplift, we’d love to hear from you. Apply now or reach out for a confidential discussion.
We are an inclusive employer committed to fostering a diverse and accessible workplace. We encourage applications from Aboriginal and Torres Strait Islander peoples, people with disabilities, LGBTQIA+ individuals, people of all ages, and those from culturally and linguistically diverse backgrounds.
