Cyber Security - Governance, Risk and Compliance Specialist (AU)

Pyrmont, Australia

DroneShield

DroneShield is a global provider of counterdrone defense solutions, specializing in C-UxS AI, RF sensing, AI/ML, Sensor Fusion, Rapid Prototyping & MIL-SPEC manufacturing


Work with cutting-edge technology, making the world a safer and more secure place. DroneShield (ASX:DRO) offers an opportunity to solve some of the world's most challenging technical problems in Electronic Warfare, Artificial Intelligence and Machine Learning, RF sensing, Sensor Fusion and distributed systems, working with high-profile customers across militaries, government agencies, airports, critical infrastructure, law enforcement and many others.

With one of the largest market capitalisations of any listed defence company in Australia, and having raised approximately $250m in 2024 alone, DroneShield is in a hypergrowth stage, fuelled by the rapidly increasing use of drones for nefarious applications, from the battlefield, to terrorism, to contraband delivery and commercial espionage.

This role is based in the DroneShield Sydney headquarters in Pyrmont, Sydney. There are approximately 240 staff based in the 4,000sqm facility today, scheduled to grow to approximately 300 staff by the end of 2026. Overseas on-the-ground presence includes Virginia (USA), Denmark, Germany and Dubai, as well as distributors in over 70 countries globally.


About the role

DroneShield is seeking a GRC security specialist with relevant experience to join the team in Sydney, NSW.


At DroneShield, we want to achieve the highest levels of security, which means we need a strong program of controls assurance, governance of our processes and risk management that can be relied on to make good decisions. You should be tenacious and curious, both technically and organisationally, about security risks, and work cross-functionally to resolve anything we don't know.

Key responsibilities include applying extensive knowledge of compliance frameworks to ensure continued certification or compliance with ISO 27001, ISM, DSPF, PSPF and NIST CSF. The candidate will also be responsible for managing re-certification and audit tasks.

The ideal candidate will have strong communication skills, demonstrated experience leading compliance programs in high-stakes environments, and experience working with Australian Government compliance frameworks.

This role calls for finding novel ways to collect, normalise, analyse and report on our security posture. We want to be a trusted source of risk management for internal stakeholders and executives, with data-driven insights. We want evidence of our capabilities gathered efficiently, comprehensively and at low friction. This role should be a champion for automation in control design for frameworks.


Responsibilities, Duties and Expectations

  • The GRC analyst at DroneShield will be responsible for leading Cyber Security assurance, compliance and regulatory activities
  • Intimate familiarity and experience with the following governance frameworks: ISO 27001, ISM, PSPF, DSPF, ASD E8, SOC 2, NIST CSF
  • Lead continued re-certification tasks
  • Work across the entire business to ensure security controls are implemented as expected, and report on non-conformity through internal audits
  • Serve as the subject matter expert for control validation within the Security team
  • Improve reporting, metrics and assurance within GRC and with stakeholders
  • Respond to customer compliance requirements using efficient processes and methods
  • Continuously enhance processes, leading to the creation of automation, and foster collaboration with Security, IT, Engineering and Operations

Qualifications, Experience and Skills

  • BS degree in Computer Science, Information Technology or a similar technical field of study, or equivalent practical experience
  • Experience working on and managing security compliance programs
  • Minimum 5 years' experience in related roles. Roles could include:
    • GRC Consultant
    • Security Engineer
    • Security Analyst
    • Compliance and Risk Officer
  • Knowledge of the following is essential:
    • Project management techniques and processes
    • Vendor and customer compliance programs
    • Strong and demonstrable practical experience in visualising security control information, including dashboards, integrations or projects in the risk domain
    • Large data and information handling
    • Risk management and ISO 31000
    • Corporate, infrastructure and cloud security fundamentals
    • Identity and Access Management
  • Knowledge of the following would also be desirable:
    • Comfortable on the command line in a Linux-first environment
    • Able to develop scripts in one of the following scripting languages (Python, Go, etc.)
    • Familiarity with RESTful APIs
    • NextGen AI and LLMs


Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.


Category: Compliance Jobs


Region: Asia/Pacific
Country: Australia
