25th June, 2026
We are working closely with one of Australia's leading national science and technology organisations, whose work spans environmental sustainability, agriculture, health, manufacturing, digital technologies, energy and space research. Their technology environment supports thousands of users, critical research platforms and nationally significant data assets that help solve some of Australia's greatest challenges.
Specifically, we are looking for an experienced Cyber Risk Specialist to provide ICT security advice and assistance to government, including policy creation, project advice and assistance, and research.
The Opportunity
As a cyber risk specialist, you lead third‑party cyber risk assessments for government, configuring and operating TPRM tools, improving assessment workflows, tracking vendor risks, and providing expert security advice. You support departmental cyber resilience uplift by strengthening processes, reporting, and remediation across the vendor lifecycle.
AGSVA Clearance
NV1 minimum.
Key Duties
- Configure and operationalise TPRM tooling, including intake, triage, assessment, review, approval and reporting workflows.
- Support onboarding and management of third-party assessments using existing tools and established processes.
- Refine due diligence questionnaires, evidence review processes, risk rating logic and decision points.
- Identify, record and track third-party security risks, treatment actions, exceptions and remediation activities.
- Develop practical procedures, work instructions, role hand-offs and operational guidance to support repeatable delivery.
- Produce fit-for-purpose reporting, dashboards and status views to improve visibility of assessment volume, risk themes and remediation progress.
- Provide advice on contract security requirements, support interpretation of findings, and contribute to audit readiness and continuous improvement.
Technical Skills
- Hands-on experience with third-party risk management, vendor security assessments and cyber risk analysis.
- Demonstrated experience implementing, configuring or administering TPRM or GRC tooling.
- Experience designing or improving workflows, assessment processes, remediation tracking and operational reporting.
- Working knowledge of security and risk frameworks such as NIST, ISO 27001 and the Australian Government ISM.
- Ability to translate compliance and risk requirements into practical controls, assessment criteria and business processes.
- Strong stakeholder engagement, communication and influencing capability across cyber, procurement, legal and business teams.
About You
You’re a seasoned cyber risk and GRC professional with a track record of improving how organisations manage vendor and third-party risk. You’ve worked hands-on in complex environments, not just defining approaches but putting them into practice by refining tools and building practical ways to monitor and report on risk across suppliers.
How to Apply
This role offers the opportunity to influence the cyber uplift of a nationally significant organisation whose technology capabilities directly support scientific discovery, innovation and research outcomes that benefit all Australians.
Apply now or contact Byron at byron@approachconsult.com.au or 0415 531 330