Job Brief - GRC Consultants
We're seeking passionate GRC Consultants to join our growing team and help Australian businesses strengthen their cybersecurity posture while maintaining regulatory compliance. This is your chance to work with some of the country's most forward-thinking organisations, delivering practical solutions that make a real difference to their risk management capabilities.
Role Purpose:
GRC Consultants at Insicon serve as trusted cybersecurity advisors who bridges the gap between complex technical security requirements and executive business decision-making.
Core Mission: Help Australian business leaders understand, implement, and maintain robust cybersecurity governance frameworks that protect their organisations while ensuring regulatory compliance.
Key Focus Areas:
- Executive Advisory - Translate cybersecurity risks into business language for C-suite and board consumption
- Regulatory Compliance - Guide organisations through Australian cybersecurity regulations and industry frameworks
- Risk Management - Implement practical governance structures that align security initiatives with business objectives
- Strategic Implementation - Lead the deployment of internationally recognised frameworks (ISO 27001, IRAP/ISM, SOC 2, NIST, CSF, Essential Eight) tailored to Australian business contexts
Ultimate Goal: Empower Australian enterprises to confidently navigate their digital transformation by making cybersecurity governance accessible, actionable, and strategically aligned with business success.
Duties and Responsibilities:
- Deliver your engagements autonomously and ensure clients experience high professionalism, care, ownership, and punctuality.
- Manage and resolve delivery escalation whilst ensuring the best customer experience possible.
- Attend industry events regularly to learn, earmark potential recruits, network and generate interest.
- Write and QA reports and material as required or assigned to you.
Qualifications:
- 3-5 years of hands-on GRC experience, ideally within consulting, financial services, government, or large enterprise environments
- Proven track record delivering cybersecurity governance and compliance projects in Australian regulatory contexts
- Strong understanding of Australian privacy legislation, government security frameworks, and industry-specific compliance requirements
- Experience with risk assessment methodologies and governance framework implementations
Technical Capabilities:
- Deep knowledge of cybersecurity frameworks (ISO 27001, NIST, Essential Eight, COBIT)
- Understanding of Australian regulatory landscape including APRA, ACCC, OAIC requirements
- Experience with GRC tools and platforms
- Familiarity with cloud security governance and emerging technology risk management
Professional Qualifications:
- Relevant industry certifications strongly preferred: CISSP, CISM, ISO 27001 Lead Auditor/Implementer, CRISC, or CGRC
- Bachelor's degree in Information Security, Business, Risk Management, or related field
- Eligibility for Australian security clearances (beneficial for government work)
- Valid Australian working rights and current driver’s licence.
What we offer:
- Nice, modern and bright offices close to transport in North Sydney.
- Complimentary snacks, drinks, and ham & cheese toasties!
- Company celebrations at half and full year.
- Nice people in a growing business.
