i-bullet Leading Australian Financial Services firm based in Melbourne i-bullet Report directly to CISO, own and drive IT Compliance and Risk i-bullet 3 days in the office, $150k Super, proven stakeholder management skills You'll be the sole IT Risk & Compliance owner in a strong, growing Financial Services security team, reporting to the CISO. This exclusive Melbourne-based role leads external audit engagements, coordinates internal audit activity and owns evidence, governance artefacts and remediation tracking end-to-end. You'll design and improve IT control frameworks, present to senior stakeholders, support control testing and RCSAs, and lift control maturity across cloud and on-prem estates. Exceptional presentation and communication skills required. About the role Own IT Risk & Compliance for the business - single point of accountability for IT controls, risk registers and compliance artefacts. Manage and coordinate external auditors and audit deliverables; collaborate closely with internal auditors and business stakeholders. Gather, validate and present audit evidence; maintain governance documents, policies and control libraries. Track audit findings and remediation, provide clear status reporting and dashboards to the CISO and senior stakeholders. Support control testing, RCSAs and assurance activities; contribute to continuous improvement of IT control maturity. SOCx experience desirable (preferred but not essential); hands-on understanding of ITGCs and cloud/SaaS controls advantageous. About you Demonstrated experience in IT governance, risk and compliance - ideally in Financial Services or another regulated environment. Comfortable managing external audit engagements and briefing senior stakeholders; exceptional presentation and communication skills. Strong attention to detail, highly organised and experienced in evidence collection, documentation and artefact management. Good working knowledge of control frameworks (SOC/ISO27001/NIST/COBIT) and IT general controls (access, change, backup). Proven ability to lift control maturity, influence technical and non-technical teams and drive remediation to closure. Tertiary qualification in IT, Cybersecurity, Risk or related discipline preferred. If you are based in Melbourne, committed to 3 days in the office, and have Australian PR or Citizenship, please apply now.
