Senior Cybersecurity GRC&A Analyst

VicRoads Registration and Licensing Services (RLS) has undergone a major organisational transformation and now, as a corporate entity, is creating a stronger business model to deliver VicRoads' long-term strategy.

The outcome of this corporate transformation is greater investment in our people, systems and technologies which will not only deliver greater capability internally but enable the delivery of new digital products and services to enhance the experience for our customers, our partners, and the Victorian community.

You have an amazing opportunity to make a truly significant impact on our team, the wider business as well as our stakeholders during this exciting period of growth for the company.

Annual Salary Range: Up to $160,0000 + Super

Employment Type: Ongoing - Full-Time 

Usual Work Location: QV 180 Lonsdale Street CBD/ Work from home

Are you passionate about creating products and experiences that not only meet user needs but also captivate their hearts and minds? Are you excited about the challenge of balancing customer desirability with business viability, technology feasibility and broader business strategy to deliver exceptional experiences? If so, we have an incredible opportunity for you! 

We are seeking a talented and driven individual to join our dynamic Technology Operations team. As a team member, you will play a pivotal role in working with our business and helping to support and provide engineering services to the digital platform.  You will work alongside a group of passionate professionals who are dedicated to delivering innovative solutions that exceed customer expectations. 

Your team is part of the Technology division, a team that are truly collaborative and passionate, and work closely together to deliver outcomes that positively transform the way our customers use our services.  

About the Opportunity 

We are seeking a highly skilled and experienced Senior Cybersecurity Governance, Risk, Compliance, and Assurance (GRC&A) Analyst to join our growing cybersecurity team. This individual will be responsible for the development, implementation, and ongoing improvement of the organisation’s cybersecurity governance, risk management, compliance, and assurance activities. The Senior GRC&A Analyst will play a key role in ensuring that the organisation’s cybersecurity posture adheres to industry standards, regulatory requirements, and best practices, while ensuring continuous monitoring and improvement in alignment with evolving risks.

• Governance: Develop, implement, and maintain cybersecurity governance frameworks and policies aligned with industry standards to ensure regulatory compliance and effective risk management. This includes aligning cybersecurity strategies with business objectives, defining governance roles and processes, and supporting senior leadership in executing governance initiatives.
• Risk Management: Lead cybersecurity risk assessments to identify and evaluate risks impacting organisational operations, data, and systems, and develop and implement effective mitigation strategies. Continuously monitor the evolving risk landscape and collaborate with stakeholders to embed risk management into daily business processes.
• Compliance: Ensure ongoing compliance with relevant cybersecurity laws, regulations, and standards by leading audits, assessments, and gap analyses to identify and remediate non-compliance. Collaborate with legal, privacy, and regulatory teams to interpret evolving requirements and integrate them into organisational practices
• Assurance: Conduct regular cybersecurity assurance activities, including control and vulnerability assessments, to validate the effectiveness of security measures and compliance with policies. Deliver assurance reporting to leadership with insights and recommendations for continuous improvement
• Incident Management and Reporting: Support the incident response process to ensure compliance with governance, risk, and regulatory requirements. Document incidents and conduct post-incident reviews to identify improvements and enhance future response efforts
• Also: Serve as a subject matter expert, working with business and technical stakeholders to drive awareness of cybersecurity governance, risk, and compliance initiatives. Provide training on security requirements, communicate risk findings to non-technical stakeholders, stay informed on industry developments, and identify opportunities for enhancing GRC&A processes, policies, and tools.

About you 

You are a highly skilled cybersecurity professional with over 5 years of experience in governance, risk management, compliance, and assurance, ideally within large enterprises or complex organisations. Your expertise spans cybersecurity technical knowledge, large-scale transformation projects, and managing risk and compliance assessments. You are well-versed in key industry regulations and frameworks such as VPDSS, PCI-DSS, NIST, and ISO 27001, with a strong grasp of governance frameworks and compliance best practices.

You have hands-on experience with GRC platforms and tools, such as Prothect and Process Unity, and are a proven leader with the ability to drive change across organisations. Your strong analytical and communication skills allow you to present complex cybersecurity concepts clearly to both technical and non-technical stakeholders. You are committed to maintaining privacy, data security, and mitigating fraud and corruption risks while promoting a culture of integrity and ethical behaviour within your team.

With a Bachelor's degree in Cybersecurity (Master's preferred) and advanced certifications like CRISC, CISSP, or CISM, you are passionate about continuous learning and staying ahead of emerging cybersecurity trends to protect and enhance business operations.

Culture: 

To attract, retain and develop talented people, we provide genuine flexibility, a culture that supports people to be their best and on top of that - great opportunities for career development. We embrace diversity and inclusion and are proud our workforce reflects the community we serve. 

What we offer: 

• Competitive salary and benefits 
• Supportive, diverse, and inclusive work environment 
• Opportunities for professional and personal development 
• Flexible working arrangements and family friendly practices 

How to Apply 

Please submit your application via the “Apply” button. Applications should include a resume and a brief covering letter.

For a copy of the Position Description please email talentacquisition@vicroads.com.au  

Unfortunately, applications cannot be accepted via this email.  

VicRoads is required to evidence your right to work in Australia and may ask for your consent to check records maintained by the Department of Immigration and Border Protection as well as records maintained by Victoria Police and VicRoads as part of the selection process. Information provided to VicRoads will be treated in the strictest confidence.