About Us

Welcome to Barry Nilsson. For 60 years, we’ve been shaping a better experience for our clients and our people. What sets our firm apart is not just what we do, but who we are: a team known for its collaborative spirit and commitment to excellence, inclusion, and innovation. As an award-winning national law firm, we’ve built a culture that empowers you not only to grow your career, but to be your authentic self while you do it.

About the Team

You will join a tight-knit and collegiate Technology team of 9 people who provide IT support to the firm nationally. Reporting to the Head of IT, you’ll work as part of a fast-paced and service-focussed team.

About the Role

Due to continued growth, we’re seeking an experienced Cyber Security and Compliance Manager to join our team, based in Sydney, Melbourne or Brisbane. This role is responsible for establishing and maintaining the firm’s cyber security governance, risk and compliance framework. It is a hands-on role that leads the alignment of the firm’s information security controls and practices with ISO/IEC 27001, delivers initial certification, and embeds the ongoing operational practices needed to remain audit-ready.

The key responsibilities for this role are:
- assessing and uplifting the firm’s cyber controls, prioritising material risks to client confidentiality, service availability and operational continuity;
- leading the ISO/IEC 27001 program, including scope definition, gap assessment, the Statement of Applicability, control design and implementation, internal audit coordination, management reviews, corrective actions and certification audit support;
- establishing and maintaining an ongoing audit-ready operating model, centralising evidence collection in the firm’s audit management tool, Vanta;
- coordinating responses to clients’ APRA CPS 234 (Information Security) audits, assurance reviews, tender and cyber due diligence requests and client security questionnaires, including evidence collation, vendor engagement, remediation planning and the prompt closure of findings;
- partnering with IT, the Risk & Audit Committee, the Cyber Security Committee, Business Services and Principals & Directors to embed security-by-design into projects, system changes and operational processes;
- leading third-party / vendor security risk management;
- owning the firm’s information security management system (ISMS) and its associated governance;
- overseeing security awareness and compliance activities and monitoring compliance with required controls; and
- other duties and related projects as required across IT, the Risk & Audit Committee, the Cyber Security Committee and Business Services.

About You

We’re looking for someone who brings both technical capability and a genuine commitment to exceptional service. You’ll ideally have:
- a relevant tertiary qualification or equivalent experience;
- demonstrated experience responding to assurance activities such as APRA CPS 234-aligned assessments, SOC report reviews, client questionnaires and third-party audits;
- demonstrated experience leading, or materially contributing to, an ISO/IEC 27001 implementation and certification;
- a minimum of 5 years’ experience in cyber security governance, risk and compliance, technology risk, or a similar role;
- strong working knowledge of ISO/IEC 27001 and its typical control set (including risk assessment, policies and standards, asset management, access control, supplier security, incident management and continual improvement);
- practical experience establishing and operating an ISMS, including evidence management and internal audit coordination;
- an understanding of APRA CPS 234 requirements and common audit and assurance expectations (or a strong capability to learn quickly in regulated contexts);
- experience with third-party risk management processes and the security assessment of vendors;
- the ability to translate technical security requirements into clear policies, standards and guidance suitable for a professional services environment; and
- strong stakeholder management skills.

Benefits of Working with Us

Just to name a few, we have:
- been acknowledged as an ‘Employer of Choice’ for the last 7 years;
- progressive policies including a 9.5-day fortnight, working from home, leave purchase options, volunteer leave and a public holiday swap policy;
- an annual performance bonus scheme designed to recognise and reward strong performance;
- a relaxed office environment where you can “Dress for your Day”;
- access to our Health & Wellbeing program, BNWell, which supports the mental, physical and financial wellbeing of our people, including a yearly health & wellbeing allowance and a health & wellbeing leave day; and
- a shared care parental policy with equal leave for all parents.

Ready to Go Further?

From your first day, expect to be embraced for who you are, because we’re a firm defined by our people. Step into a workplace where individuality is celebrated, ambitions are realised, and collaboration drives success. At Barry Nilsson, it’s about being you and going further. Apply today.

To make a confidential application, please click ‘Apply Now’ and address your application to Jo Clementson, People & Culture Adviser. This vacancy is being managed exclusively by the BN People & Culture team. Should we require external support, we will reach out to our preferred agencies directly.

Barry Nilsson is committed to building a diverse, inclusive and flexible workplace where all of our people are supported to be their authentic selves, valued for their unique contributions, rewarded fairly, connected to colleagues, and empowered to achieve their full potential. We welcome applications from Aboriginal & Torres Strait Islander peoples and LGBTIQ people, as well as people of all ages, genders, abilities and cultures. Feel free to chat to the recruiter for this position about any accommodations or adjustments you may require to the role or the recruitment process to ensure your equitable participation.