Governance Risk Assurance (GRA) Consultant
Governance Risk Compliance 07.04.26
We are here to find those who strive for excellence, go the extra mile, and crave continuous growth.
We’re an all-Australian cybersecurity firm helping some of the country’s biggest organisations stay ahead of cyber risk. We’re looking for people who share our drive to learn relentlessly, act with integrity, and raise the bar for our clients and teammates alike – those seeking a place where your drive and expertise are met with equal enthusiasm and opportunity. Dive into a culture that treasures innovation and offers a growth platform that is as limitless as your ambition and work ethic.
The Opportunity
The GRA Consultant delivers technical cyber risk and assurance assessments across suppliers, third parties, technology services, and business initiatives, evaluating the effectiveness of security controls, identifying control gaps and residual risks, and providing practical remediation advice to support clear, risk-based decisions for business and technology stakeholders.
What You’ll Do
- Conduct technical risk and assurance assessments across third parties, cloud services, SaaS platforms, and technology solutions.
- Assess scope, criticality, data sensitivity, architecture, access models, hosting arrangements, and business impact.
- Evaluate security control maturity across key domains including identity, network, monitoring, vulnerability management, resilience, encryption, and data protection.
- Review technical and assurance artefacts to determine security posture, control effectiveness, and residual risk.
- Identify control gaps, risk exposures, and compensating controls, and document outcomes in risk registers or GRC platforms.
- Define and track remediation actions, validate uplift, and support risk acceptance where required.
- Review contractual and onboarding security requirements to confirm alignment with baseline control and assurance obligations.
- Support reassessment, consolidate related assurance inputs, and provide clear technical guidance to stakeholders.
What You’ll Bring
- Strong understanding of enterprise cyber security controls and risk drivers across cloud, SaaS, managed services, and third-party environments.
- Ability to assess control design and effectiveness across identity, infrastructure, monitoring, data protection, resilience, and secure delivery, and determine the resulting risk exposure.
- Strong capability in analysing control gaps, residual risk, business impact, and remediation priorities to support risk-based decision-making.
- Experienced in interpreting assurance evidence, including SOC reports, ISO 27001 certifications, penetration testing, audit reports, and technical policies, and translating findings into clear risk insights.
- Working knowledge of common security frameworks, control models, and risk methodologies, including ISO 27001, NIST CSF, and CIS Controls.
- Experience in cyber assurance, third-party risk, GRC, security architecture, or technology risk roles.
- Hands-on experience assessing technical controls in enterprise, cloud, or managed service environments.
- Experience documenting risk statements, control gaps, residual risk outcomes, and remediation plans in structured formats.
- Strong stakeholder capability with the ability to engage engineers, architects, procurement teams, legal teams, and business owners.
- Relevant certifications desirable, such as CISSP, CISM, CRISC, ISO 27001, CCSP, Security+, or equivalent.
What You’ll Get
- A technically excellent, collaborative team
- Competitive base salary and flexibility to suit how you work best
- Clear investment in your professional growth and long-term success
Sound like you? Apply below.