About the Opportunity – Senior Cyber GRC Analyst  

As Senior Cyber Security Governance, Risk and Compliance (GRC) Analyst, you will be a key contributor to the ongoing development and delivery of WorkCover’s cyber GRC function. Reporting to the Cyber Security Governance and Compliance Manager, you’ll lead critical cyber governance activities that enable risk-informed decision making, operational resilience, and compliance with industry standards. You’ll collaborate closely with cyber, IT, and business stakeholders to lead the development and execution of security risk assessments, control assurance, third-party due diligence and awareness programs. You’ll be a trusted advisor on cyber risk to senior stakeholders and help ensure WorkCover remains resilient in an evolving threat landscape. 

This is a role for a seasoned cyber security professional who brings a risk mindset, technical expertise, and the ability to turn frameworks and standards into practical, value-driven outcomes. Your focus will be ensuring the effective implementation of our Information Security Management System (ISMS), uplifting cyber resilience, and enabling secure transformation delivery. 

You’ll also contribute to: 

• Lead cyber security control assessments and assurance activities across our Information Security Management System (ISMS) 

• Drive risk-informed decision making by delivering end-to-end cyber risk assessments, particularly for third parties and key initiatives 

• Facilitate cyber risk forums and provide expert insights to senior leadership on risks, controls and mitigation strategies 

• Provide expert guidance and influence across cyber policy development, control design, and audit response 

• Coordinate cyber team planning and delivery, ensuring clear priorities, accountability, and alignment with enterprise transformation initiatives 

• Contribute to uplift of WorkCover’s GRC capability through process optimisation, assurance design and risk analytics 

A bit about you: 

You’re an experienced cyber governance and risk expert with at least 7+ years in cyber security, risk, or compliance roles within regulated, complex environments. You know how to translate risk frameworks into operational controls and are comfortable influencing decisions at all levels of the organisation. 

You bring: 

• Proven experience leading cyber GRC initiatives in large organisations 

• Deep knowledge of security standards and frameworks like ISO27001, NIST CSF, and the Essential 8 

• Strong communication and influencing skills, with the ability to engage both technical and non-technical stakeholders 

• Experience with third-party cyber risk, awareness programs, and security policy development 

• A collaborative mindset and the ability to lead and uplift others in a high-performing cyber team 

• Certifications such as ISO27001 Lead Auditor/Implementor, CRISC, CISA, or CISSP are highly regarded 

• You’re curious, delivery-driven, and motivated by continuous improvement. You thrive on simplifying complexity, solving problems with agility, and building a strong culture of cyber security awareness and accountability. 

For more information, the Senior Cyber GRC Analyst position description is available on the intranet. 

How do I apply? 

Please submit your resume and a covering letter of no more than two pages, outlining your suitability and motivations for the role. 

Applications close at 5PM, on Tuesday 29th of July.  Prior to applying, please discuss your intent to apply with your leader and take a look at our expression of interest tips.  

The Senior Cyber GRC Analyst position description is available on the intranet.   

This role is graded at Individual Contract. If you have any questions about this opportunity, please contact Chris Yeoh or Angela Ng.