ITGRC Analyst

Job Description

ITGRC Analyst Department: IT Employment Type: Permanent - Full Time Location: Melbourne Description As the IT Governance, Risk and Compliance Analyst, you will apply your subject matter expertise in IT risk management and compliance to enhance and implement policies and standards, maintain control assurance activities, support IT audits, evaluate and improve IT controls, execute security and risk assessments, provide insights and guidance to IT and business stakeholders, and assess and document compliance with laws, regulations, directives, and contracts. You will also support the governance, risk and compliance tooling, and the vendor risk management program. Key Responsibilities Support the ITGRC program and the global Information Security Management System (ISMS) for a large portfolio of applications, ensuring sustainable compliance practices across the company. Evaluate and monitor compliance to D&D’s IT controls, policies and standards and perform gap assessments. Map and maintain common controls framework and control scope/applicability for a portfolio of compliance initiatives. Facilitate and coordinate numerous ad hoc and periodic internal/external assessments, audits, and certifications, such as vendor assessments by key customers, ITGC and SOC 2 audits, and ISO 27001 certification, including evidence gathering, walkthrough coordination and management response to identified findings. Assist in driving the vendor/partner security risk assessment program using D&D’s 3rd-party risk assessment tool and support the vendor due diligence process. Support the implementation and ongoing management of an enterprise IT Governance, Risk and Compliance solution to enhance the company’s risk management and risk reporting/tracking capabilities. Assist in creating and maintaining policies, guidelines, and documentation that support the organization's IT GRC strategy. Work closely with other departments to ensure policies are communicated, understood, and followed. Support the development and maintenance of D&D’s global risk register and support risk treatment planning, monitoring, and reporting processes. Deploy a repeatable playbook for onboarding each acquired company onto the ISMS. Collaborate with D&D’s Legal department to incorporate new requirements from applicable legal/regulatory changes. Interface with global IT and business partners to provide guidance and support. Document and report control failures and gaps to stakeholders/control owners. Provide remediation guidance and prepare stakeholders' reports to track remediation activities. Evaluate and report any security/compliance risks to track as part of the company risk register. Consult on developing security standards, procedures, and controls to manage risks. Skills, Knowledge and Expertise Tertiary education in business administration, Information Security, Risk Management, or a related field. At least 2-4 years of experience in governance, risk management, compliance, or audit roles. Familiarity with governance, risk management, and compliance software tools. Knowledge of applicable regulatory frameworks (e.g., ISO 27001, SOC 2, PCI DSS). Strong understanding of risk assessment methodologies and frameworks. Proficiency with Microsoft Office tools (Word, Excel, PowerPoint) and reporting tools. Strong analytical and problem-solving skills. Excellent attention to detail and organizational skills. Effective communication skills, with the ability to present complex information to various stakeholders. Ability to collaborate across teams and drive compliance initiatives. Strong time management skills, with the ability to prioritize tasks effectively. Benefits At Dye & Durham we strive to be visionaries! As a leader in our field, we ensure our employees are ready for the next challenge in their journey with us by offering a range of learning and career opportunities through mobility and learning. We offer a host of benefits including additional personal leave, company discounts, wellness programs, and paid days off to move house or volunteer for your favourite charity. #J-18808-Ljbffr