Cyber Security Governance & Compliance Analyst

Job no: 539258
Work type: Full Time
Location: Sydney, NSW
Categories: Information Technology, Cyber

• Employment Type: full time continuing role
• Starting Salary $113926 – 123302 plus generous superannuation and leave loading
• Location: Kensington campus in NSW (Hybrid Flexible Working) 2-3 days in the office

About UNSW:

UNSW isn’t like other places you’ve worked. Yes, we’re a large organization with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place.

The Cyber Security Governance & Compliance Analyst supports the development, maintenance, and operational delivery of the organisation’s cyber security governance framework and compliance obligations. The role focuses on keeping Cyber Security Standards current and actionable, managing policy exemption requests, responding to governance-related service tickets, administering and uplifting the team's cyber security governance platform, supporting the organisation with compliance and regulatory activities, and coordinating Cyber Security Governance Communities of Practice. The position contributes to a consistent, risk-based, and auditable control environment and provides clear metrics and reporting to stakeholders across the institution. The position reports to the Manager, Cyber Governance & Compliance and has no direct reports.

Specific accountabilities for this role include:

• Coordinate cyber policy lifecycle activities, including stakeholder engagement, working group facilitation, drafting and following up on approval requests, and managing the endorsement process.
• Maintain and update the Cyber Security Policy Framework (CSPF), ensuring alignment with organisational policy and regulatory standards (e.g., ISO/IEC 27001, NIST CSF, ACSC Essential Eight, DISP, SOCI).
• Manage the full lifecycle of policy exemptions, including stakeholder engagement, risk assessment, documentation, and reporting.
• Respond to governance-related service tickets, maintain SLAs, and contribute to knowledge base content.
• Administer and support the MyCyberHub platform, including user management, configuration, integrations, and dashboard/report creation.
• Support the ISO27001 Information Security Management System (ISMS), including document control, audit coordination, and committee operations.
• Coordinate Cyber Security Governance Communities of Practice, including agendas, logistics, and communications.
• Help collect regular governance and compliance metrics for executive reporting.
• Demonstrate continuous improvement through innovation, AI, and automation to enhance user experience and efficiency.
• Any other duties commensurate with the role and as directed by the Manager, Cyber Governance & Compliance, or the Cyber Security Leadership team.
• Align with and actively demonstrate the Code of Conduct and Values
• Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the psychosocial or physical health and safety of yourself or others.

Who you are:

• A relevant tertiary qualification with subsequent relevant experience or an equivalent level of knowledge gained through any other combination of education, training and/or experience.
• A minimum of 2–4 years’ experience in cyber security governance, compliance, risk management, or assurance within a large organisation.
• Working knowledge of (minimum 1 year) security standards and frameworks (ISO/IEC 27001, NIST CSF; familiarity with ACSC Essential Eight desirable).
• Hands-on experience with GRC (governance, risk management and compliance) or ticketing tools (e.g., ServiceNow, Protecht, Jira/Confluence), including workflow and reporting.
• Strong policy/standards writing and editing skills; ability to translate complex requirements into clear control statements and guidance.
• Experience managing exception/exemption processes and preparing risk-based recommendations for decision-makers.
• Evidence-based reporting and data literacy (metrics design, dashboards, trends, and narrative).
• Understanding of core IT and cyber security domains such as identity/access management, vulnerability management, cloud security, AI security fundamentals and change/release governance, sufficient to engage control owners.
• Relevant industry certifications (e.g., ISO/IEC 27001 Lead Implementer/Lead Auditor, CISM, CRISC, Security+, Azure AI Fundamentals, AWS Ai Practitioner).
• Experience working in higher education or other complex, federated environments.
• Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.

Benefits and Culture

• Flexible Working Options (work from home, flexible hours etc)
• Career development opportunities
• 17% Superannuation contributions and additional leave loading payments
• Additional 3 days of leave over Christmas period
• Discounts and entitlements (retail, education, fitness)

For further details on the benefits, please visit https://www.jobs.unsw.edu.au/lifestyle-benefits

How to Apply: please apply through the portal, we would like you to submit a full application including resume and addressing the who you are section.

Applications close: Monday 27th of April 2026 at 11.30pm

Get in Touch:
Jen MacLachlan
j.maclachlan@unsw.edu.au
Talent Acquisition Partner – UNSW IT
Please apply through the application portal and not via the contact above.

UNSW is committed to equity diversity and inclusion. Applications from women, people of culturally and linguistically diverse backgrounds, those living with disabilities, members of the LGBTIQ+ community; and people of Aboriginal and Torres Strait Islander descent, are encouraged. UNSW provides workplace adjustments for people with disability, and access to flexible work options for eligible staff. The University reserves the right not to proceed with any appointment.

Position Description