"Cyber Security Governance, Risk and Compliance (GRC) Manager"

PRIMARY DETAIL

• $192,462 plus 17% employer superannuation contribution
• 1 Year Fixed Term Contract based at Macquarie University, Wallumattagal Campus (North Ryde)
• Join a welcoming, inclusive, and collaborative team culture that values innovation, integrity, and professional growth

About the Role

Macquarie University is seeking a dynamic and experienced Cyber Security Governance, Risk and Compliance (GRC) Manager to lead the development and implementation of our cyber security GRC framework. This pivotal role ensures alignment with enterprise risk management and strategic objectives, while maintaining compliance with legal and regulatory requirements.

You will be a key advisor to senior leadership, shaping the University's cyber security posture across digital transformation, research infrastructure, and third-party engagements. This is an exciting opportunity to make a significant impact in a progressive, research-intensive university environment. This role reports to our Chief Information Security Officer.

Key Responsibilities

• Lead the design and enhancement of the University’s cyber security GRC framework.
• Develop and maintain cyber security policies, procedures, and the Information Security Risk Register.
• Manage risk assessments, compliance audits, and control testing.
• Ensure compliance with NIST CSF, ASD Essential Eight, Privacy Act, and other relevant frameworks.
• Collaborate with internal and external stakeholders to align risk and compliance efforts.
• Prepare reports and briefings for senior leadership and governance bodies.
• Implement quantitative risk models (e.g., FAIR) to support strategic decision-making.
• Provide expert advice and support across the University on cyber risk and governance.

About you

You are a strategic thinker with deep expertise in cyber security governance, risk, and compliance. You thrive in complex environments and are passionate about building a strong security culture. You bring a collaborative approach and a commitment to excellence, along with the following qualifications and experience (selection criteria):

• Tertiary qualifications in Information Security, Risk Management, Business, Law, or related field
• Proven track record in designing, implementing, and managing risk-based governance structures, compliance programs, and audit processes in a large, multi-faceted organisation
• Strong understanding of the Australian regulatory environment, including the Privacy Act, TEQSA, Notifiable Data Breach scheme, PSPF, and critical infrastructure obligations
• Experience with GRC platforms and quantitative risk models (e.g., FAIR)
• Strong knowledge of ISO/IEC 27001, NIST CSF, Essential Eight, and Australian regulatory frameworks
• Excellent communication skills and stakeholder engagement capabilities
• Industry certifications (e.g., CISA, CRISC, CGEIT, FAIR Risk Analyst, CISSP) (Highly Desirable)

About Us

Macquarie is a university engaged with the real and often complex problems and opportunities that define our lives. Celebrating its 60th year in 2024, it was established as a bold experiment in higher education and designed to break from educational traditions to work in tandem with industry. Institutionally we strive for the extraordinary by challenging convention and embracing different views. Our pioneering culture has encouraged and inspired students, staff and collaborators to break free from conventional thinking, and to actively shape the complex issues that define the future of humanity.

Why work at Macquarie

We rank amongst the top employers in the Australian Workplace Employers Index, having recently earned a five-star rating in the QS World Rankings with the highest rating for employability.

Our prime location, we are walking distance from Macquarie University Metro Station and Macquarie Shopping Centre. Not only are we close, take a look at our benefits on offer:

• 17% Superannuation
• Subsidised onsite parking options
• Flexible working options
• Training and professional development
• Onsite childcare facilities
• Discounted health insurance (Medibank)
• Onsite vacation care
• Employee Assistance Program
• Subsidised membership at the Sport & Aquatic Centre
• Onsite GP, imaging & physio clinics