Manager Cyber Security Governance, Risk & Compliance and Awareness
Employment Type: Temporary
Employment period: up to...
Cyber Security - Governance, Risk and Compliance Specialist (AU)
DroneShield

DroneShield is a global provider of counterdrone defense solutions, specializing in C-UxS AI, RF sensing, AI/ML, Sensor Fusion, Rapid Prototyping & MIL-SPEC manufacturing. Work with cutting-edge technology, making the world a safer and more secure place.

DroneShield (ASX:DRO) offers an opportunity to solve some of the world’s most challenging technical problems in Electronic Warfare, Artificial Intelligence and Machine Learning, RF sensing, Sensor Fusion, and distributed systems. Working with high-profile customers across militaries, government agencies, airports, critical infrastructure, law enforcement, and many others.

This role is in the DroneShield Sydney headquarters in Pyrmont, Sydney. There are approximately 240 staff based in the 4,000sqm facility today, scheduled to grow to approximately 300 staff by the end of 2026. Overseas on-the-ground presence includes Virginia (USA), Denmark, Germany, and Dubai, as well as distributors in over 70 countries globally.

About the role

DroneShield is seeking a GRC security specialist with relevant experience to join the team in Sydney, NSW. At DroneShield, we want to achieve the highest levels of security, which means we need to have a strong program of controls assurance, governance of our processes, and risk management which can be relied on to make good decisions. You should be tenacious with your curiosity both technically and organizationally about security risks and work cross-functionally to resolve anything we don’t know.

Key responsibilities include applying extensive knowledge of Compliance frameworks to ensure continued certification or compliance to ISO 27001, ISM, DSPF, PSPF, and NIST CSF. The candidate will also be responsible for managing re-certification and audit tasks.

The ideal candidate will have strong communication skills, demonstrated experience leading compliance programs in high-stakes environments, and experience with Australian Government compliance frameworks. This role is skilled at finding novel ways to collect, normalize, analyze, and report on our security posture. We want to be a trusted source for risk management for internal stakeholders and executives with data-driven insights. We want to have evidence of our capabilities gathered efficiently, comprehensively, and with low friction. This role should be a champion for automation in control design for frameworks.

Responsibilities, Duties and Expectations

The GRC analyst at DroneShield will be responsible for leading Cyber Security assurance, compliance, and regulatory activities.

- Intimate familiarity and experience with the following Governance frameworks: ISO 27001, ISM, PSPF, DSPF, ASD E8, SOC 2, NIST CSF.
- Lead continued re-certification tasks.
- Work across the entire business to ensure security controls are implemented as expected and report on non-conformity through internal audits.
- Serve as the subject matter expert for control validation within the Security team.
- Improve reporting, metrics, and assurance within GRC and with stakeholders.
- Respond to Customer compliance requirements using efficient processes and methods.
- Continuously enhance processes, leading to the creation of automation and fostering collaboration with Security, IT, Engineering, and Operations.

Qualifications, Experience and Skills

- BS degree in Computer Science, Information Technology, or similar technical field of study or equivalent practical experience.
- Experience working on and managing Security Compliance Programs.
- Minimum 5 years’ experience in related roles. Roles could include:
  - GRC Consultant
  - Security Engineer
  - Security Analyst
  - Compliance and Risk Officer

Knowledge of the following would also be essential:

- Project Management techniques and processes.
- Vendor and Customer compliance programs.
- Strong and demonstrable practical experience in visualizing security control information, including dashboards, integrations, or projects in the risk domain.
- Large data and information handling.
- Risk Management and ISO 31000.
- Corporate, Infrastructure, and Cloud Security fundamentals.
- Identity and Access Management.

Knowledge of the following would also be desirable:

- Comfortable on the command line in a Linux-first environment.
- Can develop scripts in one of the following scripting languages (Python, Go, etc.).
- Familiarity with RESTful APIs.
- NextGen AI and LLMs.

Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.
The Cybersecurity Risk Manager is responsible for oversight and administration of operational and regulatory...
NV1 security clearance required. Long 12+12+12 month Federal Government contract. Barton, ACT - Hybrid, 2 days WFH. Our client,...