About eSafety

At eSafety, we are pioneers in online safety regulation, leading global efforts to combat digital harms and foster safer, more positive online experiences for all Australians. Our mission is bold and far-reaching. From tackling cyberbullying and child sexual exploitation, to confronting emerging harms brought about by new innovations such as generative AI and immersive technologies, we oversee Australia's online safety landscape.

About the team

Sitting within the Corporate and Strategy Division, the Technology, Data & Digital Enablement Branch is a critical enabling service that includes the following functions:
- Business Applications
- Digital and Web Products
- Data, Information Management and AI
- IT Operations and Cyber Security

The Branch also works closely with its counterparts within the ACMA in the delivery of some shared corporate ICT services but operates its own cloud platform, specialist business systems and digital products related to eSafety's regulatory operations. These include all public facing digital services accessed via the eSafety website and back-end systems to support regulatory compliance and enforcement, complaint handling, investigations, intelligence, and data analytics capabilities.

The IT Operations and Cyber Security team is responsible for supporting the operation of secure and trusted systems by:
- Proactively managing eSafety's cyber security landscape.
- Implementing, managing and monitoring fit-for-purpose security tools.
- Maintaining awareness and integrating with whole-of-government security frameworks.
- Supporting and advising eSafety staff to understand their security responsibilities.

The IT Operations and Cyber Security team is a key advisor to the Chief Information and Data Officer (CIDO) and Chief Information Security Officer (CISO) and Cybersecurity Steering Committee.
The team undertakes a range of functions to support the CIDO & CISO, including developing and maintaining risk, compliance and system accreditation registers. The team is also responsible for cyber security operations, working collaboratively with a broad range of key internal and external stakeholders and service providers to drive and deliver security outcomes through program, project and business as usual activities.

About the role

This is an exciting opportunity to make a difference in a small and growing agency working on the front lines of online safety. The Cyber Governance, Risk and Compliance (GRC) Specialist reports directly to the IT Security Manager and is part of the IT Operations and Cyber Security team, providing critical eSafety-wide advice, expertise, and management of IT security.

In this role you will support the Cyber Security program providing guidance on security controls, conducting risk assessments, and ensuring compliance with Australian Government standards. A key part of the role will involve identifying current and emerging risks and implementing mitigation strategies across eSafety's IT security environment, as well as maintaining IT compliance and enabling secure innovation across the organisation.

The key duties of the position include:

Governance & Compliance
- Develop and maintain documentation on governance best practices for systems risk, compliance, authorisation processes, and evidence collation.
- Refine and uplift internal cyber security governance, risk, and compliance (GRC) frameworks to ensure alignment with regulatory requirements and industry best practices.
- Provide expert advice on compliance with relevant frameworks, including the Protective Security Policy Framework (PSPF), Information Security Manual (ISM), and eSafety standards.
- Support the development and communication of security-related policies, standards, guidelines, and procedures, including proposing justified variances to standards when necessary.

Security Architecture & Accreditation
- Contribute to the design and uplift of security architecture and controls across eSafety systems.
- Collaborate with internal and external stakeholders to ensure security requirements are embedded in new projects and initiatives.
- Develop accreditation artefacts such as TRA, SSP, SRMP, SAP, POAM, IRP, and CMP to support the Authority to Operate (ATO) process.

Operational Support & Oversight
- Assist with security operations and cross-functional teams as required.
- Maintain a fit-for-purpose governance and assurance framework for security activities.
- Deliver reporting on key control and risk indicators to meet internal and federal government security obligations (e.g. Essential Eight, PSPF).

Awareness & Leadership
- Lead, influence and mentor staff to foster cyber security awareness and capability development.
- Manage Cyber Security vendor and service provider performance to ensure value-for-money outcomes and compliance with contractual obligations.
- Provide inputs for executive reporting and stakeholder engagement, including updates on risk assessments and compliance status.

Mandatory qualifications and experience:
- 5 years of professional experience in cyber security or 10 years of professional experience in IT.

Click 'Apply now' to visit our careers page and access the Cyber Governance, Risk and Compliance Specialist Candidate Pack for full details.