About the role

The GRC Analyst role plays a key part in operationalising the Fivecast Security, Privacy & Trust (SPT) function. Reporting to the GRC Lead, this role moves beyond theoretical compliance to practical implementation within a high-growth SaaS environment. The position is responsible for executing the day-to-day activities that keep the company secure, compliant, and commercially competitive. It requires a pragmatic individual who can interpret complex frameworks (ISO 27001, NIST 800-171, DISP) and translate them into frictionless processes for technical and business teams.

Responsibilities

- Deliver core GRC tasks, including compliance evidence lifecycle management and organisational risk management.
- Coordinate the preparation and execution of external audits (ISO 27001, UK Cyber Essentials Plus, DISP), ensuring stakeholders are prepared and evidence is current.
- Operationalise the vendor security assessment process, reviewing third-party security controls and monitoring supply chain risk.
- Conduct periodic reviews of internal controls, identifying gaps and writing SOPs to replace tribal knowledge with repeatable standards.
- Coordinate the security awareness training program, ensuring content is relevant and engaging and fosters a "Security Champion" culture.
- Support the sales process by authoring accurate and timely responses to customer security questionnaires to unblock commercial opportunities.

Requirements

Defence clearance: Australian citizen. Must be eligible to obtain an Australian Government Security Clearance (NV1/NV2). A current clearance is highly desirable.

Experience:
- 2-5 years of experience in IT, with a focus on Information Security, GRC, or IT Audit.
- Demonstrated application of security frameworks (e.g., ISO 27001, NIST 800-171, CMMC, Essential 8, UK Cyber Essentials) in a professional setting.
- Experience using GRC automation platforms (e.g., Vanta, Drata) and work management tools (Jira, Confluence) is highly desirable.
- Exposure to and understanding of cloud environments (AWS) and modern identity platforms (Entra ID) is a plus.

Qualifications:
- CompTIA Security+ and CISA or ISO 27001 Lead Implementer/Auditor certifications (or equivalent).
- Tertiary qualifications in Information Security, Business, or IT are desirable.

Skills and attributes:
- Ability to apply "right-sized" security controls appropriate to the risk, prioritising business velocity while upholding standards.
- Strong written and verbal communication skills, capable of articulating technical security concepts to technical, business, and executive audiences.
- A self-starter who can navigate ambiguity by asking the right questions, identifying existing patterns, and solving operational problems independently.
- High attention to detail and consistency, particularly regarding documentation, evidence management, and policy maintenance.