Senior GRC Analyst - Sydney | Hybrid (2–3 Days in Office)
We're working with a leading organisation looking to bring on a Senior GRC Analyst to strengthen their risk and security function. This role offers exposure across the full GRC spectrum, with a focus on technology and security in a fast-paced, highly regulated environment.
As a key member of the team, you'll work across four core areas:
Technology & GRC Tools
You’ll help shape and manage GRC tooling and processes that support governance, risk, and compliance across the tech landscape. Previous experience implementing or maintaining GRC platforms (e.g., ServiceNow, Archer, OneTrust) is highly regarded.
Vendor Risk & Security Controls
Hands-on work assessing third-party vendors, with a strong focus on security controls and frameworks. You’ll drive vendor assessments and help embed risk practices into onboarding and review processes.
Regulatory & Compliance Knowledge
Strong understanding of the Australian regulatory landscape: APRA CPS 234/230, ISO 27001, Essential 8, and other relevant standards. You’ll help ensure the business stays ahead of evolving regulatory requirements.
Stakeholder Influence & Risk-Based Decision Making
Work closely with senior leaders to guide risk-based decisions. You’ll need to communicate clearly, build trust, and influence across both technical and non-technical stakeholders.
What We're Looking For:
This is a Sydney-based role with a hybrid working model (2-3 days in the office).
Keen to hear more? Reach out for a confidential chat.
If you don’t quite fit the requirements but are interested in having a conversation with one of our senior consultants, please get in touch.