
Cyber Security and Compliance Analyst

Job Type: Full Time


Job Description - Cyber Security and Compliance Analyst

About Us
Welcome to Barry Nilsson. For 60 years, we've been shaping a better experience for our clients and our people. What sets our firm apart is not just what we do, but who we are: a team known for its collaborative spirit and commitment to excellence, inclusion, and innovation. As an award-winning national law firm, we've built a culture that empowers you to not only grow your career, but be your authentic self while you do it.

About the Team
You will join a tight knit and collegiate Technology team comprising 9 people who provide IT support to the firm nationally. Reporting to the Head of IT, you'll work as part of a fast-paced and service-focussed team.

About the Role
Due to continued growth, we're seeking an experienced Cyber Security and Compliance Analyst to join our team based in either Sydney, Melbourne or Brisbane. This role is responsible for establishing and maintaining the firm's cyber security governance, risk and compliance framework.

The role is hands-on and leads the alignment of the firm's information security controls and practices to ISO/IEC 27001, delivering initial certification and embedding ongoing operational practices to remain audit ready.

The key responsibilities for this role are:
  • assessing and uplifting the firm's cyber controls prioritising material risks to client confidentiality, service availability, and operational continuity;
  • leading the ISO/IEC 27001 program, including scope definition, gap assessment, Statement of Applicability, control design/implementation, internal audit coordination, management reviews, corrective actions, and certification audit support;
  • establishing and maintaining an ongoing audit-ready operating model, centralising data collection within the firm's audit management tool, Vanta;
  • coordinating responses to client APRA CPS 234 audits, assurance reviews, tender and cyber due diligence responses, and client security questionnaires, including evidence collation, vendor engagement, remediation planning, and the prompt closure of findings;
  • partnering with IT, Risk & Audit committee, Cyber Security Committee, Business Services and Principals & Directors to embed security-by-design into projects, system changes, and operational processes;
  • leading third-party / vendor security risk management;
  • owning the firm's information security management system (ISMS) and associated governance;
  • overseeing security awareness and compliance activities and monitoring compliance to required controls; and
  • other duties and related projects as required across IT, Risk & Audit committee, Cyber Security committee and Business Services.

About You
We're looking for someone who brings both technical capability and a genuine commitment to exceptional service.

You'll ideally have:
  • a relevant tertiary qualification or equivalent experience;
  • demonstrated experience responding to assurance activities such as APRA CPS 234-aligned assessments, SOC report review, client questionnaires, and third-party audits;
  • demonstrated experience leading or materially contributing to ISO/IEC 27001 implementation and certification;
  • minimum 5 years' experience in cyber security governance, risk and compliance, technology risk, or a similar role;
  • strong working knowledge of ISO/IEC 27001 and typical control sets (incl. risk assessment, policies/standards, asset management, access control, supplier security, incident management, and continual improvement);
  • practical experience establishing and operating an ISMS, including evidence management and internal audit coordination;
  • understanding of APRA CPS 234 requirements and common audit / assurance expectations (or strong capability to learn quickly in regulated contexts);
  • experience with third-party risk management processes and security assessment of vendors;
  • ability to translate technical security requirements into clear policies, standards and guidance suitable for a professional services environment; and
  • strong stakeholder management skills.

Benefits of Working with Us
Just to name a few, we have:
  • been acknowledged as an 'Employer of Choice' for the last 7 years;
  • progressive policies including a 9.5-day fortnight, working from home, purchase of leave options, volunteer leave, and a public holiday swap policy;
  • an annual performance bonus scheme designed to recognise and reward strong performance;
  • a relaxed office environment where you can "Dress for your Day";
  • access to our Health & Wellbeing program, BNWell, which supports the mental, physical and financial wellbeing of our people including a yearly health & wellbeing allowance and a health & wellbeing leave day; and
  • a shared care parental leave policy offering 26 weeks of paid leave with no primary/secondary carer distinction.

Ready to Go Further?
From your first day, expect to be embraced for who you are - because we're a firm defined by our people. Step into a workplace where individuality is celebrated, ambitions are realised, and collaboration drives success. At Barry Nilsson, it's about being you and going further. Apply today.

To make a confidential application, please click 'Apply Now' and address your application to Jo Clementson, People & Culture Adviser.

This vacancy is being managed exclusively by the BN People & Culture team. Should we require external support, we will reach out to our preferred agencies directly.

Barry Nilsson is committed to building a diverse, inclusive and flexible workplace where all of our people are supported to be their authentic selves, valued for their unique contributions, rewarded fairly, connected to colleagues, and empowered to achieve their full potential. We welcome applications from Aboriginal & Torres Strait Islander peoples, LGBTIQ+, as well as people of all ages, genders, abilities and cultures. Feel free to chat to the recruiter for this position regarding any accommodations or adjustments you may require to the role or the recruitment process to ensure your equitable participation.

#LI-Hybrid
Original job Cyber Security and Compliance Analyst posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.