GRC Consultant

The Governance Risk and Compliance Consultant is the operational engine responsible for executing and maturing the lifecycle across highly regulated and government portfolios. This role is crucial for developing authoring and rigorously maintaining essential security documentation notably the System Security Plans and Security Risk Management Plans. A core function involves ensuring absolute compliance and demonstrable alignment with the Australian Governments Protective Security Policy Framework and the Information Security Manual controls ultimately supporting the formal accreditation and continuous security assurance of sensitive and classified systems. Responsibilities Accreditation Documentation Mastery: Develop, review, and maintain critical security documentation specifically System Security Plans and Security Risk Management Plans essential for meeting ISM and PSPF accreditation criteria. Risk Management Leadership: Conduct thorough detailed risk assessments and govern both enterprise and project-level risk registers ensuring strict alignment with ISO 31000 principles and ISM risk methodology. Security Accreditation Support: Directly support the formal security accreditation and certification processes for systems designated to operate within classified or highly sensitive environments. Expert Compliance Advisory: Serve as the subject matter expert providing authoritative advice on compliance with key government mandates: PSPF, ISM, Essential Eight and the Australian Privacy Principles. Framework Maturity Assessment: Lead maturity assessments and conduct comprehensive gap analyses against the PSPF, ISM and ISO 27001 security management frameworks. Policy and Standard Governance: Develop, socialize and maintain the foundational policies, standards and procedures that govern organizational security risk and compliance. Assurance by Design: Collaborate actively with security architects and engineers to ensure that compliance and assurance objectives are effectively integrated into solution design from inception. Reporting and Stakeholder Engagement: Prepare clear concise reports and presentations for executive stakeholders, auditors and formal accreditation authorities. Audit Readiness and Support: Coordinate and support both internal and external audits ensuring that all control artefacts and evidence are complete, accurate and readily available. Cultivate Compliance Culture: Design and deliver security awareness and training sessions to systematically foster a strong organization-wide culture of security and compliance. Regulatory Monitoring: Proactively monitor and assess changes in legislative and regulatory requirements, advising leadership on potential business and control impacts. Qualifications Demonstrated hands‑on capability in producing, reviewing and assuring System Security Plans (SSPs) and Security Risk Management Plans (SRMPs) Strong experience performing governance risk and compliance functions within Australian Government Strong proven knowledge and practical application of key Australian Government security frameworks: ISM, PSPF, Essential Eight, APP (Australian Privacy Principles) and international standards (ISO 27001 / ISO 31000) Proven ability to execute documents and report on detailed risk assessments, control effectiveness reviews and formal compliance activities. Exceptional skills in technical documentation, high‑level communication and effective stakeholder engagement across complex environments. A solid understanding of compliance challenges and controls within modern ICT and cloud platforms (e.g., Azure, AWS, Microsoft Defender, M365). Relevant tertiary qualification (e.g., Information Security Risk Management or related field). Additional Information Why join us: NCS Australia is where you can feel at home nurturing your talents and skills as we make tomorrow together one day at a time. Our benefits include paid parental leave initiatives focused on your well‑being and discounted health insurance. You will also enjoy discounts on various products and services and be regularly recognised and rewarded for high performance. We are committed to your career development through our Capability Fingerprint industry and partner training programs, special interest groups and an AI‑driven learning platform. No matter where you are in your career we offer meaningful work and opportunities for growth. NCS Australia is an equal‑opportunity employer and we take pride in our commitment to valuing and supporting our people and the communities we are dedicated to attracting, retaining and developing our people regardless of gender identity, ethnicity, sexual orientation, disability and age. Applications are encouraged from all sectors of the community and we strongly encourage applications from the Veterans, Aboriginal and / or Torres Strait Islander community. At NCS Australia we are committed to supporting adjustments throughout the recruitment and selection process as well as during employment. We actively support and encourage people with disability to apply. Agencies We request that you do not contact NCS employees outside of the Talent Acquisition team. NCS exclusively accepts resumes from agencies on our preferred supplier panel through the NCS Agency Portal. Agencies that submit resumes must have a valid fee agreement and be assigned to the particular requisition by the Talent Acquisition team. Any resumes that are submitted outside of this process will become the sole property of NCS. If a candidate is hired outside of this process no fee or payment will be given. Work rights and background checks To be eligible for a position with us applicants will need to have valid work rights for Australia and be willing to undergo a comprehensive background checking process including probity and police checks. Remote Work No Employment Type Full‑time Key Skills Sales Experience Direct Sales Hyperion Financial Services Financial Concepts Banking Oracle EBS Securities Law Peoplesoft Oracle Financial Management Workday Experience years Vacancy 1 #J-18808-Ljbffr