Senior Cyber Governance, Risk and Compliance (GRC) Analyst

About WorkCover Queensland 

At WorkCover Queensland our vision is to be the best worker’s compensation insurer, to make a positive difference to people’s lives and to keep Queenslanders working. Our flexible work environment allows you to be your best every day and contribute to the big picture.  

Our organisation is made up of individuals who collaborate and seek to engage others, working together as One Team. We embrace diversity and value people who bring personal energy and authenticity to everything they do. If you’re someone with a strong values-oriented compass and you want to achieve sustainable outcomes, you will find a great community at WorkCover.  

About the Opportunity – Senior Cyber GRC Analyst  

WorkCover is entering a new chapter, with a renewed strategic focus and strong executive leadership guiding our organisation’s 2030 Strategy. As we move into delivery, this role plays a critical part in enabling enterprise-wide transformation that delivers meaningful outcomes for our people, customers and the broader community. As Senior Cyber Security Governance, Risk and Compliance (GRC) Analyst, you will be a key contributor to the ongoing development and delivery of WorkCover’s cyber GRC function, ensuring cyber security remains embedded, proactive and risk-informed across the enterprise. Reporting to the Cyber Security Governance and Compliance Manager, you’ll lead critical cyber governance activities that enable risk-informed decision making, operational resilience, and compliance with industry standards. 

You’ll collaborate closely with cyber, IT, and business stakeholders to lead the development and execution of security risk assessments, control assurance, third-party due diligence and awareness programs. You’ll be a trusted advisor on cyber risk to senior stakeholders and help ensure WorkCover remains resilient in an evolving threat landscape. This is a role for a seasoned cyber security professional who brings a risk mindset, technical expertise, and the ability to turn frameworks and standards into practical, value-driven outcomes. Your focus will be ensuring the effective implementation of our Information Security Management System (ISMS), uplifting cyber resilience, and enabling secure transformation delivery. 

You’ll also contribute to: 

• Lead cyber security control assessments and assurance activities across our Information Security Management System (ISMS) 

• Drive risk-informed decision making by delivering end-to-end cyber risk assessments, particularly for third parties and key initiatives 

• Facilitate cyber risk forums and provide expert insights to senior leadership on risks, controls and mitigation strategies 

• Provide expert guidance and influence across cyber policy development, control design, and audit response 

• Coordinate cyber team planning and delivery, ensuring clear priorities, accountability, and alignment with enterprise transformation initiatives 

• Contribute to uplift of WorkCover’s GRC capability through process optimisation, assurance design and risk analytics 

A bit about you: 

You’re an experienced cyber governance and risk expert with at least 7+ years in cyber security, risk, or compliance roles within regulated, complex environments. You know how to translate risk frameworks into operational controls and are comfortable influencing decisions at all levels of the organisation. 

You bring: 

• Proven experience leading cyber GRC initiatives in large organisations 

• Deep knowledge of security standards and frameworks like ISO27001, NIST CSF, and the Essential 8 

• Strong communication and influencing skills, with the ability to engage both technical and non-technical stakeholders 

• Experience with third-party cyber risk, awareness programs, and security policy development 

• A collaborative mindset and the ability to lead and uplift others in a high-performing cyber team 

• Certifications such as ISO27001 Lead Auditor/Implementor, CRISC, CISA, or CISSP are highly regarded 

You’re curious, delivery-driven, and motivated by continuous improvement. You thrive on simplifying complexity, solving problems with agility, and building a strong culture of cyber security awareness and accountability. 

A bit about us: 
The Cyber Security team is part of our Digital and Technology Group and plays a critical role in safeguarding our systems, data, and people. We’re passionate about protecting what matters most - while enabling innovation and digital progress for the future of WorkCover Queensland. 

Working in a collaborative team environment within a supportive and engaged organisation, you’ll enjoy a 5-in-10 hybrid work model, access to personalised learning and development opportunities and the holistic support of our health and wellbeing program. We offer industry competitive salaries, a generous superannuation scheme (including co-contribution), and study assistance. 

You can find out more about our Employee Benefits by visiting Working at WorkCover Qld. 

How do I apply? 
Please submit your resume and a covering letter of no more than two pages, outlining your suitability for the role, your motivations, and alignment with our values and vision.  Applications close at 5PM, Tuesday 29th of July.  

We are committed to ensuring WorkCover reflects the diversity of the Queensland community. We welcome applications from First Nations peoples, members of the LGBTQIA+SB community, people of all ages, people who are neurodivergent, people with disability, and people from culturally and linguistically diverse backgrounds. To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our recruitment team during your conversation with them. 

Pre-employment checks will be conducted on all prospective employees. This will include a Right to Work in Australia Check, Police Check, Education Check, Reference Check and where appropriate a Visa Check. The information provided will be treated as confidential in accordance with the Information Privacy Act 2009 (Qld).