GRC Consultant

Full-Time: In-person @ North Sydney, NSW, plus on client site as required.
Employee Perks

  • Work from a light filled, modern office.
  • Company celebrations at half and full year.
  • Complimentary snacks, drinks, and ham & cheese toasties.
  • Office is close to North Sydney public transport.
  • Nice people in a growing business.

Insicon Overview

Founded in 2013, Insicon is a cybersecurity advisory that specialises in providing independent advice and leadership to executives and board directors.

We conduct comprehensive cybersecurity risk assessments to identify threats and vulnerabilities specific to each organisation, providing a blueprint for risk remediation. From that blueprint, we then assist companies to develop a robust information security management system to increase customer and supplier trust by demonstrating secure policies and procedures that align to ISO 27001 or other cybersecurity standards and frameworks.

Insicon also provides guidance on technology application and acquisition, in order to drive continuous improvement in our clients' cybersecurity posture.

By offering these services, Insicon empowers executives and boards with the understanding, strategy, and resilience needed to effectively manage cyber risks and build a strong security culture across their organisations.

Job Brief - GRC Consultants

We're seeking passionate GRC Consultants to join our growing team and help Australian businesses strengthen their cybersecurity posture while maintaining regulatory compliance. This is your chance to work with some of the country's most forward-thinking organisations, delivering practical solutions that make a real difference to their risk management capabilities.


Role Purpose:

GRC Consultants at Insicon serve as trusted cybersecurity advisors who bridge the gap between complex technical security requirements and executive business decision-making.

Core Mission: Help Australian business leaders understand, implement, and maintain robust cybersecurity governance frameworks that protect their organisations while ensuring regulatory compliance.

Key Focus Areas:

  • Executive Advisory - Translate cybersecurity risks into business language for C-suite and board consumption
  • Regulatory Compliance - Guide organisations through Australian cybersecurity regulations and industry frameworks
  • Risk Management - Implement practical governance structures that align security initiatives with business objectives
  • Strategic Implementation - Lead the deployment of internationally recognised frameworks (ISO 27001, IRAP/ISM, SOC 2, NIST CSF, Essential Eight) tailored to Australian business contexts

Ultimate Goal: Empower Australian enterprises to confidently navigate their digital transformation by making cybersecurity governance accessible, actionable, and strategically aligned with business success.

Duties and Responsibilities:

  • Deliver your engagements autonomously and ensure clients experience high professionalism, care, ownership, and punctuality.
  • Manage and resolve delivery escalation whilst ensuring the best customer experience possible.
  • Attend industry events regularly to learn, earmark potential recruits, network, and generate interest.
  • Write and QA reports and material as required or assigned to you.

Qualifications:

  • 3-5 years of hands-on GRC experience, ideally within consulting, financial services, government, or large enterprise environments
  • Proven track record delivering cybersecurity governance and compliance projects in Australian regulatory contexts
  • Strong understanding of Australian privacy legislation, government security frameworks, and industry-specific compliance requirements
  • Experience with risk assessment methodologies and governance framework implementations

Technical Capabilities:

  • Deep knowledge of cybersecurity frameworks (ISO 27001, NIST, Essential Eight, COBIT)
  • Understanding of Australian regulatory landscape including APRA, ACCC, OAIC requirements
  • Experience with GRC tools and platforms
  • Familiarity with cloud security governance and emerging technology risk management

Professional Qualifications:

  • Relevant industry certifications strongly preferred: CISSP, CISM, ISO 27001 Lead Auditor/Implementer, CRISC, or CGRC
  • Bachelor's degree in Information Security, Business, Risk Management, or related field
  • Eligibility for Australian security clearances (beneficial for government work)
  • Valid Australian working rights and current driver’s licence.

What we offer:

  • Nice, modern and bright offices close to transport in North Sydney.
  • Complimentary snacks, drinks, and ham & cheese toasties!
  • Company celebrations at half and full year.
  • Nice people in a growing business.