GRC & Security Operations Specialist
Job details
Our client is seeking a highly skilled Governance, Risk and Compliance (GRC) & Security Operations Specialist (Managed Security Specialist) to join their dynamic team. This multi-faceted role involves the delivery of key governance, risk, and compliance objectives while also providing advanced security operations, project leadership and management, capability development and thought leadership to operational security. The successful candidate will be part of an organisation that values collaboration, customer focus, and driving results. They are committed to creating a fulfilling work environment for their team and making a positive impact on the community. The Company: Our client is a trusted Australian based IT Consultancy. They offer digital advisory, consulting and professional and managed services. Their vision is to create a sustainable business that provides a fulfilling work environment for their team and makes a positive impact on the community. They are about their customers and staff just as much as technology and innovation. What you'll do: As a Governance, Risk and Compliance & Security Operations Specialist, you will play a pivotal role in managing the delivery of key governance, risk, and compliance objectives. You will be responsible for contributing to the information security Risk Register, delivering high-quality reporting based on regulatory or industry compliance, managing audits and ensuring no non-compliance findings. Additionally, you will provide security awareness training both on-site and remotely. Your role will also involve performing SIEM-based event analysis, coordinating threat hunting activities, performing vulnerability assessments and developing new detection capabilities. This role offers a unique blend of responsibilities that will allow you to utilise your skills in both GRC and Security Operations.
- Contribute to the information security Risk Register, remediation activities and exceptions
- Deliver high quality reporting to clients based on regulatory and/or industry compliance
- Manage regular reviews, penetration testing, compliance programs and audits
- Provide security awareness training on-site and remotely
- Perform SIEM-based event analysis and triage alerts
- Coordinate threat hunting activities, perform vulnerability assessment activities, and develop new detection capabilities
- Strong compliance and security framework knowledge (ISO 27001, PCI-DSS, SOC 2, Essential 8, NIST-CSF)
- Experience in executing at least one risk-based compliance and one control-based compliance
- Knowledge and experience with modern industry SIEM platforms such as Splunk, Sentinel, or Elastic
- A minimum of 2 years experience in threat and vulnerability management
- Experience with Azure Active Directory, Microsoft 365 (Exchange Online, Teams, SharePoint, OneDrive), Microsoft Defender for Business
- Experience with GRC platform such as 6-Clicks, Huntsman or ServiceNow GRC
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.