Senior Cyber Governance, Risk & Assurance Specialist

We are looking for a Senior Cyber Governance, Risk & Assurance Specialist to join our dynamic IT Security team.  What is this role about?The Senior Cyber Governance, Risk & Assurance Specialist is entrusted with fortifying Cuscal’s cybersecurity governance and risk management frameworks, ensuring stringent regulatory compliance and resilience against evolving cyber threats. This pivotal role encompasses managing key compliance processes, executing comprehensive risk assessments, and delivering critical insights to inform risk-aligned decision-making. By engaging cross-functional stakeholders, the specialist drives a culture of risk awareness, enhances control effectiveness through targeted assurance activities, and contributes strategic perspectives to cybersecurity reporting for the Technology Risk Committee and senior leadership.Here’s some more insight into what you’ll work on,Cyber Governance and Policy Support:Assist in the development, implementation, and maintenance of cybersecurity policies, standards, and frameworks to support Cuscal’s security objectives.Ensure that policies, Standard and procedures are up-to-date and align with regulatory and industry standards, including PCI DSS, SOC 2, and CPS 234.Risk identification and assessment:Conduct cybersecurity risk assessments for systems, applications, and third-party vendors to identify and prioritize risks based on Cuscal’s risk tolerance.Evaluate risk assessment findings and recommend mitigation actions to reduce exposure to potential security threats.Compliance and Regulatory Alignment:Support the execution and documentation of end-to-end PCI DSS and SOC 2 compliance activities, including audits and remediation tracking.Assist in the continuous monitoring of regulatory requirements, ensuring Cuscal maintains compliance with standards such as APRA CPS 234.Assurance and Control Testing:Perform regular control assessments and assurance testing to validate the effectiveness of cybersecurity controls.Document and communicate control gaps, monitor remediation efforts, and report on progress to relevant stakeholders in timely manner.Reporting and DocumentationContribute to the preparation of cybersecurity risk reports for the Technology Risk Committee, Board Risk Committee, and other senior stakeholders.Provide insights and analysis to improve the organization’s understanding of cybersecurity risks and support data-driven decision-making.