About the role

The Security team is a nimble team responsible for protecting DroneShield's assets and users. Our adversaries are sophisticated and use state-of-the-art tooling. To protect DroneShield, we need to focus on the biggest risks, eliminate threats, use automation to scale our efforts, and continually raise the cost for attackers.

At DroneShield, we aim to achieve the highest levels of security through strong controls assurance, effective governance, and risk management that leadership can rely on to make informed decisions. This role approaches GRC with an engineering-led mindset, focusing on practical frameworks, automation, and tight integration with broader security and privacy functions.

As a GRC Specialist, you will bring curiosity and rigour to understanding security risks, both technical and organisational. You will work closely with teams across the business to identify blind spots, close gaps, and ensure that security risks are well understood and appropriately managed.

A core part of this role is developing effective ways to collect, normalise, analyse, and report on our security posture. You will help establish GRC as a trusted source of risk insight for internal stakeholders and executives, delivering clear, data-driven reporting that supports decision-making.

You will be expected to champion low-friction, high-quality evidence collection and the use of automation across control design and assurance activities. The goal is not compliance for its own sake, but scalable, reliable security governance that keeps pace with a fast-growing, technology-driven organisation. Strong communication and stakeholder management skills are a must-have.
Responsibilities, Duties and Expectations

- Supporting and continuously improving the organisation's risk management framework, including risk identification, assessment, treatment, and reporting
- Maintaining and operating an Information Security Management System (ISMS) aligned to ISO/IEC 27001, including control design, evidence collection, and continuous assurance activities
- Ensuring compliance with a wide range of frameworks and standards, including ISO/IEC 27001, ISM, PSPF, DSPF, ASD Essential Eight (E8), DISP, and NIST
- Developing, reviewing, and maintaining security policies, standards, and procedures that are clear, practical, and aligned to business needs
- Working with engineering, security, IT, legal, privacy, and business teams to ensure controls are implemented effectively and risks are properly understood
- Coordinating and contributing to internal audits, external audits, certifications, and surveillance activities
- Managing the third-party risk lifecycle, including security questionnaires, risk reviews, and ongoing vendor monitoring
- Helping to improve automation, tooling, and reporting around compliance and assurance activities to reduce manual effort and improve insight

Qualifications, Experience and Skills

- BS degree in Computer Science, Information Technology or a similar technical field of study, or equivalent practical experience
- Minimum 5 years' experience in related roles
Roles could include:
- GRC Consultant
- GRC Analyst
- GRC Engineer
- GRC Officer
- Cyber Security Risk Analyst
- Privacy and Compliance Specialist

Knowledge of the following is essential:
- Experience supporting or operating an ISMS, including audits, risk registers, and control evidence
- Strong and demonstrable practical experience with risk management frameworks and methodologies
- Hands-on experience managing the third-party lifecycle, including compliance, onboarding, monitoring, and off-boarding
- Proven ability to develop and implement security policies and procedures
- Foundational understanding of hybrid infrastructure, including cloud platforms (e.g., AWS) and on-premises servers

Required Skills:
- Strong written and verbal communication skills, with the ability to explain risk and compliance topics to both technical and non-technical audiences
- Good stakeholder management skills and the confidence to work with teams across engineering, operations, and leadership
- A detail-oriented mindset, balanced with the ability to prioritise what matters most from a risk perspective
- A pragmatic approach to compliance, focused on meaningful risk reduction rather than checkbox exercises
- Curiosity and initiative, with a willingness to dig into unfamiliar areas and ask the right questions
- The ability to manage multiple workstreams and deadlines in a growing organisation

Nice to have:
- Relevant security or GRC-related certifications, training, or progress toward certification
- Experience with GRC or compliance tooling (e.g. Vanta, Drata, ServiceNow, or similar)
- Exposure to privacy regulations or regulated environments (e.g. Australian Privacy Act, critical infrastructure, government, or defence-related industries)
- Basic scripting or automation experience (e.g. Python, APIs) to support compliance workflows

Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.