Datacom

Senior Governance, Risk and Compliance Advisor

full-time

Location Type: Hybrid

Location: Brisbane, Australia

About the role

  • Develop and implement security frameworks: Identify, develop, and implement security processes, standards, and policies that align with Datacom’s Information Security Plan and strategic objectives.
  • Collaborate across business units: Work closely with internal teams to ensure the consistent application of security controls that meet Datacom and business requirements.
  • Regulatory and framework compliance: Ensure adherence to both the Australian Government Information Security Manual (ISM) and Protective Security Policy Framework (PSPF), as well as the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR), across Datacom’s internal and client environments.
  • Continuous improvement and assurance: Lead ongoing auditing, monitoring, and enhancement of security controls, including the development and maintenance of Threat and Risk Assessments (TRA), System Security Plans (SSP), and Security Risk Management Plans (SRMP).
  • ISO 27001 and ISMS maturity: Apply your deep knowledge of the ISO/IEC 27000 series to support the design, implementation, and continual improvement of our Information Security Management System (ISMS).
  • Essential 8 compliance: Lead and maintain organisational compliance with the Australian Cyber Security Centre (ACSC) Essential 8 maturity model, ensuring effective implementation, measurement, and uplift of mitigation strategies across Datacom’s environments.
  • SOC 2 Type 2 compliance: Oversee and coordinate activities to maintain SOC 2 Type 2 certification, including evidence collection, control testing, audit readiness, and continuous improvement of internal security and privacy controls.
  • GRC tooling and automation: Leverage and optimise GRC tooling, preferably Vanta, to automate evidence collection, track control performance, and manage risk and compliance workflows efficiently.
  • Security awareness and enablement: Provide guidance, education, and training to improve understanding of security policies, processes, and technologies across teams, fostering a strong culture of compliance and accountability.

Requirements

  • Extensive experience in information security, audit, assurance, governance, risk or compliance, and a sound understanding of information security principles, policies and standards
  • Previous experience in stakeholder engagement with a strategic focus
  • Experience with and good understanding of IRAP
  • The GRC Advisor must have detailed knowledge of agency-specific and Australian Government protective security policy, principles and minimum standards, and be given the opportunity to maintain this knowledge
  • Understanding of contract deliverables and obligations
  • Some technical knowledge to make informed decisions about business risks from vulnerabilities
  • Ideally, you will be industry certified and may even hold a CISSP, CISM, MS or equivalent certifications.
  • Experience in developing and administering an information security program (desirable).

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools: security frameworks, security processes, security standards, security policies, Threat and Risk Assessments, System Security Plans, Security Risk Management Plans, ISO 27001, GRC tooling, IRAP

Soft Skills: stakeholder engagement, strategic focus, guidance, education, training, collaboration, communication, leadership, organizational skills, continuous improvement

Certifications: CISSP, CISM, MS, ISO/IEC 27000 series knowledge