GRC Specialist at Downer Group

Canberra, , Australia -

Full Time

Start Date

Immediate

Expiry Date

18 May, 26

Salary

0.0

Posted On

17 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Governance, Documentation Review, Cyber Security Documentation, SSP Development, Security Risk Assessments, Risk Treatment Plans, SOPs, Control Mappings, ISM, NIST, Risk Management, Compliance, PSPF, Stakeholder Engagement, Continuous Improvement, Security Clearance

Industry

Civil Engineering

Description

Join our Downer Professional Services team and play a key role in delivering complex defence and national security projects that safeguard Australia’s future. Downer Professional Services comprises of three business units our Technical, Advisory, and Capability consulting practice, and Team Downer, which partners with CASG and NSSG as a major service provider to Defence. Together, we are a multi-disciplinary advisory and delivery partner of choice for clients across Defence and National Security. We currently have an opportunity for a GRC Specialist in Canberra to work on Digital projects. What You’ll Do This role offers a broad scope, with key role responsibilities including: Strong governance and documentation expertise, with the ability to review, uplift, rationalise, and standardise cyber security documentation for clarity, consistency, and audit readiness Proficiency in developing and maintaining core security artefacts, including SSPs, Security Risk Assessments, Risk Treatment Plans, SOPs, control mappings (Essential Eight, ISM, NIST), and accreditation support documentation. Solid risk and compliance capability, including identifying and analysing cyber risks, supporting compliance against ISM/PSPF/Essential Eight, and assisting with assurance and security assessments. Effective stakeholder engagement and communication skills, able to collaborate with ICT teams, project managers, security advisors, and coalition partners, and translate technical concepts for non‑technical and senior audiences. Continuous improvement mindset, with the ability to identify documentation gaps, streamline templates and standards, and uplift overall security documentation practices across the project. What You’ll Bring Demonstrated Cyber Security GRC experience, with strong capability in documentation uplift, quality improvement, and producing structured, auditable security artefacts. Practical knowledge of Australian Government cyber frameworks, including ISM, PSPF, and the Essential Eight, with the ability to apply them in complex environments. Experience working in multi‑stakeholder or coalition environments, supporting projects that require coordination across agencies, partners, or international participants. Strong written and verbal communication skills, able to translate technical security concepts for non‑technical audiences and build effective stakeholder relationships. Ability to engage confidently with technical and non‑technical stakeholders, ensuring clarity, alignment, and effective collaboration across security, ICT, and governance teams. Due to the nature of the work, you are required to currently hold and maintain a minimum Negative Vetting 2 or higher Security clearance as required by the Commonwealth. In some instances, compliance with International Traffic in Arms Regulations (ITAR) requirements may also be an inherent requirement. More than anything, you’ll bring a strong work ethic, a positive attitude, and a commitment to delivering high-quality outcomes for our clients. Why Downer Professional Services At Downer Professional Services, we’re not just a workplace - we’re a business dedicated to contributing to the shaping of the future of defence in Australia. As the country’s only sovereign prime, we’re committed to making a real difference in protecting Australia’s interests. What is means to belong at Downer Professional Services Meaningful work: Help to deliver critical Defence projects that protect Australia and shape its future. Professional development: Access career mapping, accelerated learning programs, and shared learning through our Communities of Practice. Great perks: Enjoy discounts on healthcare, retail, vehicles, and more through Perks@Downer. Veteran support: Benefit from initiatives like up to 20 days of Reservist Leave to stay connected post-service. You want your work to matter and so do we. With over 26,000 people across Australia, New Zealand and the Pacific, our team is made up of individuals with unique perspectives, backgrounds, and ideas. We know that diversity makes us stronger and we actively celebrate it through our commitment to inclusion and belonging. We’re committed to building a team that reflects the diverse communities we serve and we welcome people of all ages, genders, sexual orientations, cultures, abilities, and lived experiences. We especially encourage applications from those whose voices have traditionally been underrepresented in our industry, including women, Aboriginal and Torres Strait Islander Peoples, Māori and Pasifika Peoples, veterans, people with disability, and neurodivergent individuals. Even if your experience doesn’t align perfectly with this role, we’d still like to hear from you. If it feels like the right fit, apply - potential counts, and so do you. As a WORK180 Endorsed Employer, we support flexibility that works for your life, inclusive leadership that values your voice, and equitable access to opportunity so you can do your best work and bring your whole self to it. If you need support or adjustments through the recruitment process, just let us know, we’re here to help you put your best foot forward.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The role involves strong governance and documentation expertise, focusing on reviewing, standardizing, and uplifting cyber security documentation for clarity and audit readiness across complex defence projects. Key duties include developing core security artifacts like SSPs and Risk Treatment Plans, and supporting compliance against Australian government security frameworks.