About the RoleWe’re looking for professionals with a strong background in Enterprise Risk Management, particularly in cyber and third-party risk. You’ll play a key role in evaluating vendor security practices, supporting audits, and maintaining compliance with industry standards like PCI DSS, ISO 27001, and SOC 2 Type 2.
Key ResponsibilitiesConduct third-party vendor due diligence and security risk assessmentsCollaborate across procurement, legal, IT, and business teams to integrate security controls in contractsMaintain a comprehensive inventory of vendor relationships and associated risksEnsure all risk management aligns with PCI DSS, ISO 27001, and SOC 2 Type 2 standardsSupport audits and assessments with proper documentationDevelop and maintain cyber risk management and third-party risk policiesDesign and implement continuous control monitoring and reporting mechanisms What You’ll Bring3–5 years of experience in Enterprise/Cyber Risk ManagementProficiency in risk assessment tools and methodologiesStrong knowledge of PCI DSS, ISO 27001 (SOC 2 Type 2 is a plus)Proven success in building and implementing risk management frameworksHands-on experience in evaluating and managing vendor-related risks
Candidates must have the right to work in Australia – this includes Australian Citizens, Permanent Residents, or Visa holders with valid work rights.