Back to search
XPT Software Australia Linkedin · Posted 26d ago

GRC Consultant - Cyber Lead

Australia

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Role Summary

We are seeking an experienced GRC Consultant – Cyber Lead to drive governance and maturity of non-OS vulnerability management across enterprise application and platform environments.

This role focuses on cyber risk oversight, exception management, and vulnerability treatment strategy, ensuring risks are effectively assessed, governed, and aligned with enterprise security standards—while remediation execution remains with delivery teams.

Key Responsibilities

Governance & Risk Oversight

  • Define and implement non-OS vulnerability management frameworks, policies, and standards
  • Establish governance forums, escalation paths, and decision-making processes
  • Ensure compliance with regulatory, audit, and enterprise security requirements

Exception & Treatment Management

  • Manage remediation exceptions and risk acceptance lifecycle
  • Validate compensating controls and residual risks
  • Drive risk-based treatment plans with application and platform teams

Cyber Risk Management

  • Perform risk assessments for vulnerabilities that cannot be remediated
  • Enable risk-based decision-making aligned to business risk appetite
  • Ensure proper documentation, tracking, and periodic review of accepted risks

Tooling & Capability Uplift

  • Lead tooling strategy, evaluation, and automation initiatives
  • Improve vulnerability management maturity and processes
  • Support training and adoption across delivery teams

Security Improvement & SDLC Integration

  • Oversee remediation outcomes from pen tests, audits, and assessments
  • Promote secure-by-design and DevSecOps practices
  • Ensure vulnerabilities are identified and treated before production release

Stakeholder Management

  • Collaborate with Cyber, Application, Infrastructure, and Operations teams
  • Provide risk insights to senior leadership and governance forums
  • Influence prioritization based on risk severity and business impact

Required Skills & Experience

  • Strong background in GRC, cyber risk, and vulnerability management
  • Experience with application/platform vulnerabilities (non-OS)
  • Knowledge of frameworks: ISO 27001, NIST, CIS
  • Hands-on exposure to tools like Qualys, Tenable, Snyk, or similar
  • Expertise in risk assessment, exception management, and compliance
  • Strong stakeholder engagement and communication skills
  • Familiarity with DevSecOps / SDLC security practices

Qualifications

  • Bachelor’s degree in IT / Cybersecurity or related field

Certifications (Preferred)

Core

  • CISSP / CISM / CRISC

GRC & Risk

  • ISO 27001 Lead Implementer / Auditor
  • FAIR Certification

Optional (Good to Have)

  • CCSP (Cloud Security)
  • CEH / GIAC (Security testing awareness)
  • ITIL / Agile certifications
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent