Cyber Assurance - Third Party Security Risk Management Senior Associate

Posted 6 Days Ago
Perth, Western Australia
In-Office
Mid level
Business Intelligence • Financial Services • Cybersecurity
Public purpose specialists uniting people, ideas and potential to shape solutions.
The Role
As a Senior Associate, you'll assess third-party security risks, advise on cyber frameworks, support vendor due diligence, and guide junior team members.
Summary Generated by Built In
Company Description

One purpose, one practice

We are public purpose sector specialists who support governments and their agencies, and not-for-profit organisations, to deliver services to Australians, helping to build more resilient, equitable, secure and prosperous communities. We are guided by our values of Stronger Together, Amplify Impact, Build Trusted Relationships, Value Every Person, Think Beyond Limits, and Defined by Ethics.

Our purpose-driven professionals provide clients with access to the skills, capabilities and expertise to support the delivery of government agendas and public purpose projects, with specialist teams across three national practices:

  • Transformation
  • Risk, Programs and Cyber
  • Commercial, Financial and Infrastructure

Cyber & Tech Risk

The mission of our Cyber & Tech Risk (C&TR) practice is to increase public trust and participation in government digital services; a key driver in improving Australia’s productivity, equality, resilience, and prosperity. Our subject matter specialists bring scale and expertise across all phases of cyber transformation covering advisory and assurance, privacy and data governance, digital identity, technology implementation, and ongoing security operations.

Cyber Advisory

Our Cyber Assurance specialists combine the skills and discipline of an auditor with technical know-how and expertise across a broad range of technology risk disciplines. With a focus on improving the resilience of information systems, our Cyber Assurance team support our clients with a range of fascinating and complex technology challenges.  

A day in the life of a Cyber Assurance consultant ranges from mastering and applying the broad range of cyber frameworks we implement (e.g. NIST, PSPF/ISM, ISO27k, etc.), to assessing the core processes and controls that ensure the availability and performance of complex technology solutions, to advising our clients on core IT Resilience strategies in relation to disaster recovery and business continuity for mission-critical systems. 

Job Description

The Role and Responsibilities

As a Senior Associate in our Cyber Assurance team, focused on Third Party Security Risk Management, you will create value by:

  • Delivering third-party risk assessments: Supporting clients in identifying, assessing, and managing security risks associated with vendors, suppliers, and other third parties across the full lifecycle of third-party engagements.

  • Advising on frameworks and standards: Applying your knowledge of cyber and risk frameworks (e.g. NIST CSF, ISO27001, CIS18, ISM/PSPF, COBIT) to evaluate third-party risk management programs and recommend practical improvements.

  • Supporting assurance and remediation activities: Performing vendor due diligence, control testing, and audit reviews, and working with clients to close security gaps or enhance supplier oversight processes.

  • Collaborating on transformation initiatives: Contributing to the design and implementation of third-party risk management operating models, governance structures, and enabling technologies.

  • Coaching and knowledge sharing: Providing guidance and support to junior team members, sharing insights and practical approaches to third-party security challenges.

  • Contributing to growth and innovation: Assisting in the development of new methodologies, tools, and service offerings in response to evolving market and regulatory expectations around third-party risk.

Qualifications

About You

As a Senior Associate, technically, you will bring to the position:

  • 2+ years’ experience in cyber security, technology risk, or third-party risk management, ideally gained through consulting, assurance, or a second line of defence role.

  • Familiarity with third-party risk processes (e.g. due diligence, onboarding, assurance reviews, ongoing monitoring, exit/offboarding).

  • A working understanding of cybersecurity and IT risk frameworks (e.g. NIST CSF, ISO27k, ISM/PSPF, COBIT) and how they apply to vendor environments.

  • Strong analytical and problem-solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure.

  • (Desired but not mandatory) Certifications such as CISA, ISO27001 Lead Implementer/Lead Auditor, CISSP, or cloud security certifications (AWS/Microsoft).

  • (Mandatory) Ability to obtain an Australian Government security clearance.

Additional Information

  • Market leading Parental Leave: Allows either carer to take 26 weeks of leave, flexibly, until a child is two years of age. A six-month minimum service requirement for new starters applies. We also make full superannuation contributions for up to 12 months (including unpaid parental leave).
  • Flex working: Our people have the autonomy to choose where and when they work so they can integrate their professional and personal lives, finding the right balance that fuels their growth, wellbeing, engagement and productivity. If it works for them, their teams, and their clients, it works for us.
  • Additional leave: A 5th week of paid leave to support rest, wellbeing, and inclusion during our annual summer shutdown, as well as Birthday Leave, First Nations Cultural Leave, Floating Public Holidays, Leave+ (purchased leave up to 12 weeks), Study Leave, Volunteering Leave, and more!
  • Employee share options for every team member, reflecting our commitment to shared success and ownership.
  • Smart Device reimbursement: Working flexibly means accessing the information you need on the go. That’s why we help pay for your smartphone or tablet, claiming up to $60 a month towards your bill.
  • Wellness and Lifestyle benefits: We’ll give you $295 a year to spend on items or activities that support your wellness, and up to $205 a year to support your balanced lifestyle.
  • Sonder: A digital care platform that empowers people to actively take control of their wellbeing to live well and perform at their best, free to Scyne Employees and their immediate family members.

Interested in working together or want to find out more?

If you too share our purpose of helping governments and their agencies build more resilient, secure, equitable and prosperous communities, then you should apply today.

Top Skills

CIS18
COBIT
ISM
ISO27001
NIST
PSPF
The Company
HQ: Canberra, Australian Capital Territory
795 Employees
Year Founded: 2023

What We Do

Scyne are public purpose specialists uniting people, ideas and potential to shape solutions.

Scyne is an Australian company, registered with ASIC, with a Board including an independent Chair, a staff appointed director and two additional non-executive independent directors alongside two directors from the majority shareholder.

We are an independent, contemporary, national business with the scale and capabilities to support public purpose projects and governments at all levels right across Australia.

Setting a new standard for public purpose advisory services in Australia, Scyne is conflict free from the for-profit private sector, with rigorous governance and accountability frameworks and standards.

Our vision is to be the public purpose specialists, focused on helping governments and their agencies build more resilient, secure, equitable and prosperous communities.
