Cyber GRC Officer

Perth

Civmec Construction & Engineering


The Company

Civmec is an Australian-owned, integrated, multidisciplinary heavy engineering and construction services provider to the energy, resources, infrastructure, marine and defence sectors. Our diversification enables us to operate extensively across the nation, supporting a wide range of landmark projects and providing variety and career development opportunities for our workforce.

 

 

Join the Civmec Team

We are seeking a skilled Cyber GRC Officer to join our team. Your primary focus will be on enhancing security governance, risk management, and compliance with security processes and procedures across the organisation. You will leverage your expertise in security frameworks such as NIST, the Australian ISM, and the ASD8 maturity model to ensure our security posture is measurable and aligned with business needs.

 

Location: Henderson, WA
Employment Type: Full-time

 

 

The Role

  • Identify and assess security risks within the organisation.
  • Align security policies and procedures with key security frameworks and standards such as NIST, the Australian ISM, and ASD8.
  • Analyse requirements of information security posture as well as legal and regulatory obligations.
  • Evaluate the effectiveness and consistency of security controls, including auditing internal cyber security measures and assessing third-party and supply chain risks.
  • Conduct risk assessments and support the wider risk management process.
  • Author, review, and assist in approving policies, standards, and procedures.
  • Act as the GRC Officer for IT and Cybersecurity Projects, ensuring processes and procedures are properly documented and controlled.
  • Communicate any control failures to relevant stakeholders and suggest corrective actions.
  • Track and update security registers to ensure all measures are documented and current.
  • Stay informed and up to date with legal and regulatory obligations relevant to the business.
  • Assist in the development of internal information security manuals tailored to business requirements.
  • Facilitate internal audits of the organisation's cyber security controls and processes.
  • Support independent audits of cyber security controls and processes.
  • Coordinate security awareness training, incorporating insider threat awareness using the company LMS.

 

About You

  • Qualifications in an IT-related discipline with significant cyber security governance, risk, and compliance exposure.
  • CISSP, CISM, CRISC, ISO27001 Lead Implementer/Auditor.
  • 3-5 years’ experience in IT Security Governance, Risk & Compliance.
  • Experience with alignment to one or more of the following – Australian ISM, ASD Essential 8, ISO27001, NIST SP 800-171, DEFSTAN 05-138, IRAP, PSPF, DSPF.
  • Experience with risk management principles and methodologies. Experience with auditing compliance across any of the mentioned frameworks.
  • Experience working with Defence Industry Security Program (DISP) requirements is desirable.

 

Due to the Security Clearance required for this position, applicants must be an Australian Citizen and eligible to obtain and uphold a NV1 Security Clearance through the Australian Department of Defence.

 

 

Civmec + You

At Civmec, we offer an inclusive workplace built on family values, with a ‘Never Assume’ culture, sustained by our experienced and supportive management team. We believe our workforce is our greatest asset, and that's why we provide an environment rich in career development opportunities to upskill and develop professionally. Our generous Reward and Recognition scheme recognises employees who go the extra mile. Our staff benefits scheme gives you access to accident and sickness insurance, and a range of travel, entertainment, vehicle and lifestyle discounts.

 

 

How to Apply

Please click the “apply” link to start your application. We look forward to starting the pathway to your career with Civmec.

Alternatively, please email recruitment@civmec.com.au for a confidential chat or call our Recruitment Team on (08) 6595 5888.
Civmec is an equal opportunity employer and encourages applications from Aboriginal and Torres Strait Islanders. Defence force experience is desirable, and veterans are encouraged to apply. We respectfully request no agency submissions.
Follow us on LinkedIn, Facebook and Instagram for news, updates and career opportunities!

Category: Compliance Jobs

Tags: Audits CISM CISSP Clearance Clearance Required Compliance CRISC Governance ISO 27001 NIST Risk assessment Risk management Security Clearance

Perks/benefits: Career development Startup environment

Region: Asia/Pacific
Country: Australia
