Senior Cyber Governance, Risk & Assurance Specialist

Sydney, Australia

Cuscal

Cuscal is a payments & regulated data services provider in Australia. Since 1966 we have enabled banks, corporates and fintechs to better serve and connect with their customers.


Company Description

For a winning team that is evolving. Forward with Cuscal.

At Cuscal, you’ll find a strong, successful company that’s reimagining the future. And our team is right there at the heart of it all. Here, you’ll deliver or support interesting, ground-breaking projects that have real impact - on Australia’s financial services sector and the millions of customers it serves. You’ll innovate alongside skilled, smart, connected teams. And you’ll build an impressive, fulfilling career that continues to grow. As the largest independent payment solution provider, we’ve set the standard for over 50 years. Now, we’re preparing to pioneer the next 50.

Job Description

We are looking for a Senior Cyber Governance, Risk & Assurance Specialist to join our dynamic IT Security team.

What is this role about?

The Senior Cyber Governance, Risk & Assurance Specialist is entrusted with fortifying Cuscal’s cybersecurity governance and risk management frameworks, ensuring stringent regulatory compliance and resilience against evolving cyber threats. This pivotal role encompasses managing key compliance processes, executing comprehensive risk assessments, and delivering critical insights to inform risk-aligned decision-making. By engaging cross-functional stakeholders, the specialist drives a culture of risk awareness, enhances control effectiveness through targeted assurance activities, and contributes strategic perspectives to cybersecurity reporting for the Technology Risk Committee and senior leadership.

Here’s some more insight into what you’ll work on:

  • Cyber Governance and Policy Support:
    • Assist in the development, implementation, and maintenance of cybersecurity policies, standards, and frameworks to support Cuscal’s security objectives.
    • Ensure that policies, standards and procedures are up to date and align with regulatory and industry standards, including PCI DSS, SOC 2, and APRA CPS 234.
  • Risk Identification and Assessment:
    • Conduct cybersecurity risk assessments for systems, applications, and third-party vendors to identify and prioritize risks based on Cuscal’s risk tolerance.
    • Evaluate risk assessment findings and recommend mitigation actions to reduce exposure to potential security threats.
  • Compliance and Regulatory Alignment:
    • Support the execution and documentation of end-to-end PCI DSS and SOC 2 compliance activities, including audits and remediation tracking.
    • Assist in the continuous monitoring of regulatory requirements, ensuring Cuscal maintains compliance with standards such as APRA CPS 234.
  • Assurance and Control Testing:
    • Perform regular control assessments and assurance testing to validate the effectiveness of cybersecurity controls.
    • Document and communicate control gaps, monitor remediation efforts, and report on progress to relevant stakeholders in a timely manner.
  • Reporting and Documentation:
    • Contribute to the preparation of cybersecurity risk reports for the Technology Risk Committee, Board Risk Committee, and other senior stakeholders.
    • Provide insights and analysis to improve the organization’s understanding of cybersecurity risks and support data-driven decision-making.

Qualifications

What can you bring?

  • Proven experience (5-7 years) in cybersecurity governance, risk management, and compliance, preferably within the financial services or payment sector.
  • Strong knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and relevant regulatory requirements (e.g., APRA CPS 234, PCI DSS).
  • Demonstrated expertise in conducting risk assessments, control testing, and assurance activities to support a risk-informed decision-making process.
  • Hands-on experience with compliance management, including maintaining documentation, tracking remediation efforts, and preparing for audits.
  • Proficiency in analyzing and reporting cyber risks, with the ability to present complex information clearly to diverse stakeholders.
  • Familiarity with cybersecurity policy development, control frameworks, and their application to enterprise environments.
  • Experience collaborating with cross-functional teams, such as IT, Legal, and Compliance, to align cybersecurity practices with business objectives.
  • Knowledge of incident response practices, vulnerability management, and third-party risk management best practices.
  • Ability to contribute to short, medium- and long-term planning and effectively promote ideas.
  • Relevant professional certifications (e.g., CISM, CRISC, CGEIT) preferred.

Although not required, any experience in the following would be highly regarded:

  • Payments industry, ATM/EFT/POS technology, cards and finance or other regulated industries and/or 24x7 mission-critical environments.
  • Understanding of legal, regulatory, privacy and security matters associated with the Banking and Finance Industry.

Additional Information

What’s it like to work here?

As well as good pay and a great culture, we back our employees by helping them work towards industry-recognised qualifications, using online learning, training modules and career planning tools for you to grow with us. We are committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. We support our colleagues with flexible work arrangements through our hybrid model whilst also offering a wide range of financial, lifestyle, health & wellbeing benefits.


How do you Apply?

Start here. Just click on the APPLY button.

If you think this role is the right fit for you, we invite you to apply. Let’s explore who you are and what drives you. We’d love to share our vision for the future of the payments sector. Please note that candidate screening and interviews may be conducted prior to the closing date of the job advert.

Cuscal does not accept unsolicited resumes from recruitment agencies and search firms. Please do not email or send unsolicited resumes to any Cuscal employee, location or address.
