Role Overview

We are seeking a Cyber Security Governance Specialist to strengthen our group company's cyber-security frameworks and risk posture. In this role, you will collaborate with internal teams and guide stakeholders on key security standards and frameworks, including:

- ISO/IEC 27001
- NIST Cybersecurity Framework (CSF) & NIST SP 800 series
- PCI-DSS

Your work will ensure that governance, risk, and compliance (GRC) principles are embedded into business operations, enabling the company to maintain resilience, compliance, and trust.

Key Responsibilities

1. Assess & Benchmark
- Conduct cyber-risk and control-maturity assessments (NIST CSF, ISO 27001, Essential Eight, proprietary models).
- Translate technical findings into executive-level insights and actionable roadmaps.

2. Programme Design & Delivery
- Build and embed cyber-risk programmes: risk registers, treatment plans, dashboards.
- Develop policies, standards, and procedures that are both compliant and practical for engineers.

3. Governance & Compliance
- Own and maintain the GRC framework and policy stack; embed the three lines of defence.
- Guide stakeholders through audits and regulatory reviews (e.g., APRA CPS 234, SOC 2).
- Monitor regulatory changes and advise business stakeholders on impact within 30 days.

4. Strategic Advisory
- Develop multi-year cyber-security and risk strategies aligned to corporate OKRs.
- Present risk posture, KPI/KRI trends, and investment options to boards and regulators.

5. Leadership & Coaching
- Mentor junior GRC analysts and upskill cross-functional teams on secure-by-design and offensive-security principles.
- Foster a culture of continuous improvement and measurable risk reduction.

Qualifications & Experience

Essential
- 3+ years in cyber-security, technology risk, or security consulting.
- Hands-on delivery of ISO 27001 and PCI-DSS certification projects.
- Experience guiding senior stakeholders through NIST CSF or equivalent reviews.
- Working knowledge of offensive-security methodologies to inform strategic risk decisions.
- Strong experience building risk registers, executive dashboards, and board reports.

Preferred / Nice-to-Have
- Master's degree in Cybersecurity, Risk, Business, or MBA.
- Professional certifications: CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor.
- Exposure to AI governance and data ethics (e.g., NIST AI RMF).
- Prior line-management of GRC, security architecture, or penetration testing teams.