Cyber Governance, Risk and Compliance (GRC) Analyst

Job no: 493772
Work type: Permanent - Full Time
Location: Brisbane CBD
Categories: Digital and Technology Group

About the Opportunity – Cyber GRC Analyst 

As a Cyber Governance, Risk and Compliance (GRC) Analyst, you’ll support the ongoing maturity and assurance of WorkCover’s Information Security Management System (ISMS), working across cyber control assessments, risk reviews, and internal/external audit activities. You’ll play a hands-on role in uplifting our compliance posture and embedding security governance across the enterprise. 

Reporting to the Cyber Security Governance and Compliance Manager, you’ll collaborate with internal stakeholders across cyber, IT, and business to deliver operational GRC outcomes - from control testing and policy development to risk-based reporting and third-party assurance. You’ll contribute to risk-informed decision-making and help ensure WorkCover remains secure and resilient in a dynamic regulatory and threat landscape.  

You’ll also contribute to: 

  • Lead control assessments, internal assurance and evidence collection activities across WorkCover’s ISMS 

  • Support internal and external audits, ensuring evidence readiness and cyber GRC alignment 

  • Collaborate with technical and business stakeholders to perform cyber risk assessments and uplift control maturity 

  • Monitor and report on cyber risks, control gaps and assurance outcomes to enable effective remediation 

  • Track emerging risks and contribute to improving cyber policies, standards and frameworks 

A bit about you: 

You’re a capable and proactive cyber security professional with experience across GRC, compliance, or risk. You’re detail-oriented and able to manage complexity without losing sight of the big picture. Whether coordinating a control review or supporting audit prep, you’re organised, collaborative and always looking for ways to improve. 

You bring: 

  • Minimum 5+ years’ experience in cyber GRC, information security, or technology risk roles 

  • Familiarity with ISMS practices and frameworks such as ISO27001, NIST CSF and/or Essential 8 

  • Experience in testing or reviewing cyber controls, assessing risk, and supporting assurance activities 

  • Strong communication skills with the ability to engage technical and non-technical stakeholders 

  • Working knowledge of GRC platforms (e.g. Protecht), Microsoft security stack, and cloud governance concepts 

  • Relevant certifications such as ISO27001, CRISC, or CISA are desirable but not essential 

You’re someone who enjoys solving problems, engaging across teams, and contributing to cyber security outcomes that matter. You take pride in your work and thrive in a fast-paced, collaborative environment where your input makes a difference. 

The Cyber GRC Analyst position description is available on the intranet. 

How do I apply? 

Please submit your resume and a covering letter of no more than two pages, outlining your suitability for the role, your motivations, and alignment with our values and vision. Applications close at 5PM, Tuesday 29th of July.  

Prior to applying, please discuss your intent to apply with your leader and take a look at our expression of interest tips. 

This role is graded at Individual Contract. If you have any questions about this opportunity, please contact Chris Yeoh or Angela Ng.  

We are committed to ensuring WorkCover reflects the diversity of the Queensland community. We welcome applications from First Nations peoples, members of the LGBTQIA+SB community, people of all ages, people who are neurodivergent, people with disability, and people from culturally and linguistically diverse backgrounds. To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our recruitment team during your conversation with them. 

Advertised: E. Australia Standard Time
Applications close: E. Australia Standard Time
