Job Description: GRC Specialist – NIST Audit SME

Role Type: Contract
Location: Melbourne
Engagement: Full end‑to‑end NIST Audit delivery - 6 months to start

About the Role

We are seeking a highly experienced GRC Specialist with deep expertise in conducting end‑to‑end NIST audits. This role requires a true subject matter expert who has personally executed NIST audits—not simply supported them. You will lead the full audit lifecycle, manage interactions with auditors, streamline evidence collection, and optimise governance processes to ensure efficiency, repeatability, and minimal manual effort.

The ideal candidate is hands‑on, confident, and capable of operating autonomously with minimal direction. You will be the primary point of contact for both auditors and internal stakeholders, ensuring all evidence requests are understood, prioritised, and delivered to the highest standard.

Key Responsibilities

NIST Audit Delivery (Primary Focus)
- Lead and deliver the end‑to‑end NIST audit, acting as the organisation's NIST SME.
- Prepare, coordinate, and manage all auditor interactions, ensuring requirements are clearly understood and fulfilled.
- Manage ~200 evidence requests, with a strong understanding of what documentation, artefacts, and controls are required.
- Independently determine which artefacts to collect, where they come from, and how to present them effectively.
- Ensure high‑quality and complete submissions to auditors, reducing rework and follow‑up requests.

Evidence Collection & Process Optimisation
- Design and implement streamlined, low‑touch processes for evidence collection, ensuring minimal manual involvement.
- Identify redundancies and opportunities for automation (non‑technical automation – not scripting).
- Enhance the governance workflow to ensure audit processes are repeatable and efficient.
- Apply critical thinking to improve evidence quality, traceability, and consistency.

Stakeholder & Vendor Management
- Collaborate effectively with technology, security, and business stakeholders to gather required materials.
- Manage third‑party vendors and auditors, ensuring clear communication and timely delivery.
- Educate stakeholders on audit requirements and uplift their understanding of risk, compliance, and controls.

Risk & Compliance
- Review risks and ensure quality, completeness, and alignment with governance frameworks.
- Support uplift activities ensuring risk information is accurate, contextualised, and actionable.
- Assist adjacent compliance obligations such as JSOX, particularly around process optimisation and stakeholder coordination.

Skills & Experience Required

Essential
- Extensive hands‑on experience conducting NIST audits independently (end‑to‑end lifecycle).
- Strong understanding of NIST frameworks, controls, evidence requirements, documentation standards, and auditor expectations.
- Demonstrated experience engaging auditors directly and managing high‑volume evidence requests.
- Deep knowledge of GRC best practice, audit workflows, and control design/assurance.
- Strong stakeholder management skills, with the ability to influence and guide non‑technical teams.
- Proven ability to identify inefficiencies and implement streamlined, automated, or optimised audit processes.

Highly Desirable
- Experience with JSOX compliance frameworks.
- Exposure to risk management tooling and GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, etc.).
- Background in cyber security governance rather than operational or technical delivery.
- Ability to work autonomously while educating stakeholders and improving internal maturity.

Personal Attributes
- Operates as a true SME—confident, proactive, and independent.
- Strong communicator who can simplify complex requirements for diverse audiences.
- Detail‑oriented with strong organisational and planning skills.
- Comfortable working in environments that require structure, process uplift, and maturity improvement.