IT Compliance and Assurance Officer
Function
Cybersecurity
Type
Permanent
Salary
Cybersecurity
Victoria

Leading Australian Financial Services firm based in Melbourne
Report directly to CISO, own and drive IT Compliance and Risk
3 days in the office, $150k + Super, proven stakeholder management skills
You'll be the sole IT Risk & Compliance owner in a strong, growing Financial Services security team, reporting to the CISO. This exclusive Melbourne-based role leads external audit engagements, coordinates internal audit activity and owns evidence, governance artefacts and remediation tracking end-to-end. You'll design and improve IT control frameworks, present to senior stakeholders, support control testing and RCSAs, and lift control maturity across cloud and on-prem estates. SOCx experience preferred but not essential. Exceptional presentation and communication skills required.
About the role
- Own IT Risk & Compliance for the business - single point of accountability for IT controls, risk registers and compliance artefacts.
- Manage and coordinate external auditors and audit deliverables; collaborate closely with internal auditors and business stakeholders.
- Gather, validate and present audit evidence; maintain governance documents, policies and control libraries.
- Track audit findings and remediation, provide clear status reporting and dashboards to the CISO and senior stakeholders.
- Support control testing, RCSAs and assurance activities; contribute to continuous improvement of IT control maturity.
- SOCx experience desirable (preferred but not essential); hands-on understanding of ITGCs and cloud/SaaS controls advantageous.
About you
- Demonstrated experience in IT governance, risk and compliance - ideally in Financial Services or another regulated environment.
- Comfortable managing external audit engagements and briefing senior stakeholders; exceptional presentation and communication skills.
- Strong attention to detail, highly organised and experienced in evidence collection, documentation and artefact management.
- Good working knowledge of control frameworks (SOC/ISO27001/NIST/COBIT) and IT general controls (access, change, backup).
- Proven ability to lift control maturity, influence technical and non-technical teams and drive remediation to closure.
- Tertiary qualification in IT, Cybersecurity, Risk or related discipline preferred.
If you are based in Melbourne, committed to 3 days in the office, and have Australian PR or Citizenship, please apply now.
