IT Security GRC Manager

Salary: 100.00 -  125.00
Posted: 22-01-2025
Category: Professional Services
City of Brisbane, 

Job Description

MinterEllison is one of Australia’s largest law firms, with nearly 200 years of business history. We're known for our legal and consulting expertise - and for our inclusive and authentic character. Our purpose is to create sustainable value with our clients, people and communities. That means we have a proud history of providing excellence to clients, nurturing our people and giving back to the communities in which we live and work. We value excellence, curiosity and collaboration. Clients rely on us for our responsive, commercial approach. Our clients include government departments and agencies, private and publicly listed companies, and small and large businesses in Australia and overseas.

We are currently recruiting for an experienced IT Security GRC Manager to join our internal digital team based in either our Sydney, Melbourne or Brisbane office. In this role, you will be responsible for managing and maintaining the end-to-end IT security GRC portfolio under our IT security assurance practice. The IT security assurance practice covers: cyber risk management, compliance framework and certification program, client assurance and contract reviews, supply chain security, internal audit, and cyber awareness program.

The ideal candidate will possess in-depth experience and knowledge in an information systems environment, with at least 2 to 3 years hands-on, direct experience in managing assurance programs. This is a senior role reporting into the CISO, and will also be 2IC to the CISO as required. The desired candidate will be motivated and excited to inspire people at all levels of the business to implement and uphold information security best practices and standards. This role will involve working collaboratively with a cross-section of teams across business operations and will have one direct report. Agile working arrangements are supported at the firm with a minimum of 3 days in the office required.

In this role you will have the opportunity to:

- Uplift and develop a high-performing IT security GRC practice across all IT security assurance areas, fostering a culture of excellence, collaboration, and continuous learning
- Implement a robust IT security compliance framework program integrating multiple compliance certification, frameworks, policies and standards
- Lead and maintain certifications across multiple standards/frameworks and internal audits
- Perform cyber hygiene audits to ensure compliance with external and internal policies, regulations, standards and compliance with client contracts
- Lead client assurance program including responding to client audits/questionnaires, reviewing client cybersecurity contracts, updating MinterEllison Trust Centre and maintaining a high client engagement & experience
- Collaborate with Chief Risk Office to manage and maintain cyber risk lifecycle including cyber risk registers and dashboards
- Lead supply chain cyber risk management program including annual reviews and spot checks
- Maintain cyber security awareness and training programs including role-based training across the Firm
- Provide high quality reporting and updates on cyber security to senior leadership including KPIs/KRIs
- Assist with IT security operations on any cybersecurity incidents during and, if required, after business hours
- Ensure efficient use of managed security services and/or external consultants in the GRC domain.
- People leadership responsibility for one direct report.

More About You

- 8 years+ demonstrated, direct, hands-on experience in the above-mentioned GRC areas, including 2-3 years hands-on, direct experience in managing assurance programs
- Strong written and verbal communication skills to engage with all levels of business
- Pragmatic and collaborative with various stakeholders with the ability to bring people on a journey
- Demonstrated experience in writing high quality executive reports/briefings
- Expert knowledge of information security principles, standards and frameworks such as ISO27001. Familiarity with NIST, SSAE16, APRA CPS234, ASD essential 8, VPDSF
- Knowledge of security policies, standards, and practices.
- Knowledge of the infrastructure, operations, and systems of information technology.
- Agile mindset, incremental delivery over perfection, willingness to try new approaches to a problem
- Ability to manage projects and tasks independently with little supervision
- Relevant security trainings/certifications not mandatory but will be highly desirable
- Ability to use GenAI models and other pragmatic approaches to improve efficiencies/quality or delivery
- Be up-to-date with information security best practices and industry trends for security solutions and standards

Why MinterEllison

We offer flexible working options to encourage balance, wellbeing and support for sustainable ways of working and a range of social, financial and health benefits, including free gym membership - all with no minimum tenure. We encourage applications from people of all ages, abilities, cultural backgrounds, genders (including trans or gender diverse), LGBTQ+ people and those with carer responsibilities. We particularly encourage Aboriginal and Torres Strait Islander people to apply.

How to apply

We prefer to connect with people directly, so please submit your CV by clicking on the 'Apply' button. We encourage all applications, including if you do not meet the criteria listed for the role.
Your application will also enable us to consider you for other opportunities that may be available at MinterEllison. If you are currently a MinterEllison employee, please apply through the internal careers page. If you would like further information, require any adjustments throughout the recruitment process or for a confidential discussion, please contact .
