Our Why
Datacom works with organisations and communities across Australia and New Zealand to make a difference in people’s lives and help organisations use the power of tech to innovate and grow.
About the Role (your why)
The Cybersecurity Consultant role, with a focus on Governance, Risk and Compliance (GRC), is responsible for supporting and maturing an organisation’s cyber security governance framework, risk management processes, and compliance with Australian standards and regulations.

What you’ll do

• Develop, implement, and maintain GRC frameworks, system authorisation packages, policies, and procedures in alignment with Australian Government regulations and industry standards such as ISM, PSPF, ASD Essential Eight, ISO 27001, NIST CSF, and other relevant organisational security frameworks.
• Conduct risk assessments, gap analyses, and security assessments to identify potential vulnerabilities and ensure ongoing compliance.
• Work closely with security architects, operations teams, and legal teams to ensure compliance objectives are met.
• Identifying security requirements for new applications and other software products.
• Evaluating and making recommendations on the organisation’s IT security architecture, including new security products and collaborating with internal and external stakeholders to manage risk mitigation strategies and security governance activities.
• Liaising with other business units in the identification of controls and preparation of reports to management on risk, compliance, and security governance to senior management and external auditors.
• Consulting with internal and external stakeholders in development, deployment, documentation and management of security policies, procedures, standards and strategies.
• Assisting with security awareness training programs.
• Investigating, responding to, and reporting on, security incidents as directed.
• Providing expertise and input on emerging security technologies, issues and directions.
• Monitoring emerging Cybersecurity technologies, issues and directions.

What you’ll bring

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Business or a related discipline.
• 5+ years of experience in IT, with 3 years’ experience in a Governance, Risk and Compliance role working with Federal Government agencies and departments.
• Demonstrated understanding and experience in delivering programs to meet relevant statutory and organisational risk/compliance programs.
• Demonstrated understanding and experience in delivering Cybersecurity risk assessment programs.
• Broad, expert knowledge of Information Security/Cybersecurity principles and practices.
• Broad understanding of IT Security principles associated with networks, internet, email, operating systems, firewalls, VPN’s, databases, virus management, intrusion detection, cryptography and e-commerce, with high level expertise/specialisation in several of these fields.
• A good understanding of current legislation and precedence governing IT.
• Understanding of various aspects of the Disaster Recovery position that apply to mainframe, mid-range, LAN & associated networks.
• Expert knowledge of information systems, operating systems, databases and networking.
• Demonstrated understanding of planning and budgeting procedures and principles.
• The technical knowledge to make informed decisions about business risks and vulnerabilities.
• Ability to lead and mentor junior Cybersecurity Consultants.
• Effective presentation skills with the ability to convey technical information across various levels.
• Ability to communicate technical concepts and align them with client business goals and objectives.
• Ability to chair meetings and provide leadership in stressful situations caused by tight delivery timeframes.

Why join us here at Datacom?
Datacom is one of Australia and New Zealand’s largest suppliers of Information Technology professional services. We have managed to maintain a dynamic, agile, small business feel that is often diluted in larger organisations of our size. It’s our people that give Datacom its unique culture and energy that you can feel from the moment you meet with us.
We care about our people and provide a range of perks such as social events, chill-out spaces, remote working, flexi-hours and professional development courses to name a few. You’ll have the opportunity to learn, develop your career, connect and bring your true self to work. You will be recognised and valued for your contributions and be able to do your work in a collegial, flat-structured environment.
We operate at the forefront of technology to help Australia and New Zealand’s largest enterprise organisations explore possibilities and solve their greatest challenges, so you will never run out of interesting new challenges and opportunities.
We want Datacom to be an inclusive and welcoming workplace for everyone and take pride in the steps we have taken and continue to take to make our environment fun and friendly, and our people feel supported

• Develop, implement, and maintain GRC frameworks, system authorisation packages, policies, and procedures in alignment with Australian Government regulations and industry standards such as ISM, PSPF, ASD Essential Eight, ISO 27001, NIST CSF, and other relevant organisational security frameworks.
• Conduct risk assessments, gap analyses, and security assessments to identify potential vulnerabilities and ensure ongoing compliance.
• Work closely with security architects, operations teams, and legal teams to ensure compliance objectives are met.
• Identifying security requirements for new applications and other software products.
• Evaluating and making recommendations on the organisation’s IT security architecture, including new security products and collaborating with internal and external stakeholders to manage risk mitigation strategies and security governance activities.
• Liaising with other business units in the identification of controls and preparation of reports to management on risk, compliance, and security governance to senior management and external auditors.
• Consulting with internal and external stakeholders in development, deployment, documentation and management of security policies, procedures, standards and strategies.
• Assisting with security awareness training programs.
• Investigating, responding to, and reporting on, security incidents as directed.
• Providing expertise and input on emerging security technologies, issues and directions.
• Monitoring emerging Cybersecurity technologies, issues and directions