Cyber Assurance

Cyber Assurance - Third Party Security Risk Management Senior Associate Join to apply for the Cyber Assurance - Third Party Security Risk Management Senior Associate role at Scyne Advisory Overview One purpose, one practice. We are public purpose sector specialists who support governments and their agencies, and not-for-profit organisations, to deliver services to Australians, helping to build more resilient, equitable, secure and prosperous communities. We are guided by our values of Stronger Together, Amplify Impact, Build Trusted Relationships, Value Every Person, Think Beyond Limits, and Defined by Ethics. The mission of our Cyber & Tech Risk (C&TR) practice is to increase public trust and participation in government digital services; a key driver in improving Australia’s productivity, equality, resilience, and prosperity. Our subject matter specialists bring scale and expertise across all phases of cyber transformation covering advisory and assurance, privacy and data governance, digital identity, technology implementation, and ongoing security operations. The Role and Responsibilities As a Senior Associate in our Cyber Assurance Team, focused on Third Party Security Risk Management, you will create value by: Delivering third-party risk assessments: Supporting clients in identifying, assessing, and managing security risks associated with vendors, suppliers, and other third parties across the full lifecycle of third-party engagements. Advising on frameworks and standards: Applying knowledge of cyber and risk frameworks (e.g. NIST CSF, ISO27001, CIS18 ISM/PSPF, COBIT) to evaluate third-party risk management programs and recommend practical improvements. Supporting assurance and remediation activities: Performing vendor due diligence, control testing, and audit reviews, and working with clients to close security gaps or enhance supplier oversight processes. Collaborating on transformation initiatives: Contributing to the design and implementation of third-party risk management operating models, governance structures, and enabling technologies. Coaching and knowledge sharing: Providing guidance and support to junior team members, sharing insights and practical approaches to third-party security challenges. Contributing to growth and innovation: Assisting in the development of new methodologies, tools, and service offerings in response to evolving market and regulatory expectations around third-party risk. Qualifications About You 2+ years’ experience in cyber security, technology risk, or third-party risk management, ideally gained through consulting, assurance, or a second line of defence role. Familiarity with third-party risk processes (e.g. due diligence, onboarding, assurance reviews, ongoing monitoring, exit/offboarding). A working understanding of cybersecurity and IT risk frameworks (e.g. NIST CSF, ISO27k, ISM/PSPF, COBIT) and how they apply to vendor environments. Strong analytical and problem-solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure. (Desired but not mandatory) Certifications such as CISA, ISO27001 Lead Implementer/Lead Auditor, CISSP, or cloud security certifications (AWS/Microsoft). (Mandatory) Ability to obtain an Australian Government security clearance. Additional Information Market leading Parental Leave: Allows either carer to take 26 weeks of leave, flexibly, until a child is two years of age. A six-month minimum service requirement for new starters applies. We also make full superannuation contributions for up to 12 months (including unpaid parental leave). Flex working: Our people have the autonomy to choose where and when they work so they can integrate their professional and personal lives, finding the right balance that fuels their growth, wellbeing, engagement and productivity. If it works for them, their teams, and their clients, it works for us. Additional leave: a 5th week of paid leave to support rest, wellbeing, and inclusion during our annual summer shutdown also Birthday leave, First Nations Cultural Leave, Floating Public Holidays, Leave+ (purchased leave up to 12 weeks), Study Leave, Volunteering Leave, and more Employee share options for every team member, reflecting our commitment to shared success and ownership. Smart Device reimbursement: Up to $60 a month towards your phone/tablet costs. Wellness and Lifestyle benefits: $295 a year for wellness and up to $205 a year for balanced lifestyle supports. Sonder: A digital care platform that supports wellbeing for Scyne Employees and their immediate family members. Interested in working together or want to find out more? If you share our purpose of helping governments and their agencies build more resilient, secure, equitable and prosperous communities, then you should apply today. #J-18808-Ljbffr