Job Description

The Governance, Risk, and Compliance Consultant is the operational engine responsible for executing and maturing the lifecycle across highly regulated and government portfolios. This role is crucial for developing, authoring, and rigorously maintaining essential security documentation, notably the System Security Plans and Security Risk Management Plans. A core function involves ensuring absolute compliance and demonstrable alignment with the Australian Government's Protective Security Policy Framework and the Information Security Manual controls, ultimately supporting the formal accreditation and continuous security assurance of sensitive and classified systems.

Responsibilities:

- Accreditation Documentation Mastery: Develop, review, and maintain critical security documentation, specifically System Security Plans and Security Risk Management Plans, essential for meeting ISM and PSPF accreditation criteria.
- Risk Management Leadership: Conduct thorough, detailed risk assessments and govern both enterprise and project-level risk registers, ensuring strict alignment with ISO 31000 principles and ISM risk methodology.
- Security Accreditation Support: Directly support the formal security accreditation and certification processes for systems designated to operate within classified or highly sensitive environments.
- Expert Compliance Advisory: Serve as the subject matter expert, providing authoritative advice on compliance with key government mandates: PSPF, ISM, Essential Eight, and the Australian Privacy Principles.
- Framework Maturity Assessment: Lead maturity assessments and conduct comprehensive gap analyses against the PSPF, ISM, and ISO 27001 security management frameworks.
- Policy and Standard Governance: Develop, socialize, and maintain the foundational policies, standards, and procedures that govern organizational security, risk, and compliance.
- Assurance by Design: Collaborate actively with security architects and engineers to ensure that compliance and assurance objectives are effectively integrated into solution design from inception.
- Reporting and Stakeholder Engagement: Prepare clear, concise reports and presentations for executive stakeholders, auditors, and formal accreditation authorities.
- Audit Readiness and Support: Coordinate and support both internal and external audits, ensuring that all control artefacts and evidence are complete, accurate, and readily available.
- Cultivate Compliance Culture: Design and deliver security awareness and training sessions to systematically foster a strong, organization-wide culture of security and compliance.
- Regulatory Monitoring: Proactively monitor and assess changes in legislative and regulatory requirements, advising leadership on potential business and control impacts.