Cyber Assurance

Cyber Assurance - Third Party Security Risk Management Senior Associate We are public purpose sector specialists who support governments and their agencies, and not-for-profit organisations, to deliver services to Australians, helping to build more resilient, equitable, secure and prosperous communities. We are guided by our values of Stronger Together, Amplify Impact, Build Trusted Relationships, Value Every Person, Think Beyond Limits, and Defined by Ethics. Company Description We are public purpose sector specialists who support governments and their agencies, and not-for-profit organisations, to deliver services to Australians, helping to build more resilient, equitable, secure and prosperous communities. We are guided by our values of Stronger Together, Amplify Impact, Build Trusted Relationships, Value Every Person, Think Beyond Limits, and Defined by Ethics. Skills Transformation Risk, Programs and Cyber Commercial, Financial and Infrastructure Cyber & Tech Risk The mission of our Cyber & Tech Risk (C&TR) practice is to increase public trust and participation in government digital services; a key driver in improving Australia's productivity, equality, resilience, and prosperity. Our subject matter specialists bring scale and expertise across all phases of cyber transformation covering advisory and assurance, privacy and data governance, digital identity, technology implementation, and ongoing security operations. Cyber Advisory and Assurance: The home of our Third Party Security Risk Management capability As a Senior Associate in Third Party Security Risk Management, no two days are the same. You might start your morning reviewing the results of a supplier security questionnaire and mapping them against industry standards, before jumping on a client call to discuss findings from a recent vendor control assessment. Midday could see you working alongside a Manager or Director to design a more robust third-party risk framework for a large enterprise, followed by mentoring a graduate on how to assess supplier compliance evidence. In the afternoon, you could be drafting a report that highlights risks and practical recommendations for a client's executive stakeholders, while also contributing ideas to the development of new tools and methodologies within our team. Job Description The Role and Responsibilities Delivering third-party risk assessments: Supporting clients in identifying, assessing, and managing security risks associated with vendors, suppliers, and other third parties across the full lifecycle of third-party engagements. Advising on frameworks and standards: Applying your knowledge of cyber and risk frameworks (e.g. NIST CSF, ISO, CIS18 ISM / PSPF, COBIT) to evaluate third-party risk management programs and recommend practical improvements. Supporting assurance and remediation activities: Performing vendor due diligence, control testing, and audit reviews, and working with clients to close security gaps or enhance supplier oversight processes. Collaborating on transformation initiatives: Contributing to the design and implementation of third-party risk management operating models, governance structures, and enabling technologies. Coaching and knowledge sharing: Providing guidance and support to junior team members, sharing insights and practical approaches to third-party security challenges. Contributing to growth and innovation: Assisting in the development of new methodologies, tools, and service offerings in response to evolving market and regulatory expectations around third-party risk. Qualifications 2+ years' experience in cyber security, technology risk, or third-party risk management, ideally gained through consulting, assurance, or a second line of defence role. Familiarity with third-party risk processes (e.g. due diligence, onboarding, assurance reviews, ongoing monitoring, exit / offboarding). A working understanding of cybersecurity and IT risk frameworks (e.g. NIST CSF, ISO27k, ISM / PSPF, COBIT) and how they apply to vendor environments. Strong analytical and problem‑solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure. (Desired but not mandatory) Certifications such as CISA, ISO Lead Implementer / Lead Auditor, CISSP, or cloud security certifications (AWS / Microsoft). (Mandatory) Ability to obtain an Australian Government security clearance. Additional Information Market leading Parental Leave: Allows either carer to take 26 weeks of leave, flexibly, until a child is two years of age. Flex working: Our people have the autonomy to choose where and when they work so they can integrate their professional and personal lives. Additional leave: a 5th week of paid leave to support rest, wellbeing, and inclusion during our annual summer shutdown. Employee share options for every team member, reflecting our commitment to shared success and ownership. Smart Device reimbursement: Working flexibly means accessing the information you need on the go. Wellness and Lifestyle benefits: We'll give you $295 a year to spend on items or activities that support your wellness. #J-18808-Ljbffr