Cybersecurity GRC Consultant

Triskele Labs are one of the leading providers of cybersecurity services in Australia. We assist clients to reduce their risk of a cyber compromise through the delivery of risk-considered controls.

Triskele Labs are one of the last remaining boutiques in Australia. We are currently the largest CREST Registered Penetration Testing company in Melbourne and one of the only boutiques to run a 24x7x365 Security Operations Team completely onshore.

Are you looking to work in cybersecurity consulting where real impact matters more than ticking boxes? Triskele Labs is seeking a Cybersecurity GRC Consultant to join our growing Advisory team in Melbourne.

In this hybrid client-facing role, you’ll work across industries to deliver clear, practical security assessments that help organisations meaningfully reduce risk. You’ll support implementation and uplift efforts aligned to frameworks like ISO 27001, NIST CSF, and the Essential Eight, working closely with both technical and non-technical stakeholders to drive change where it matters most.

We’re looking for someone who brings both security expertise and a questioning mindset — someone who is comfortable challenging assumptions, validating controls, and helping our clients cut through complexity. You’ll also have the opportunity to collaborate with other internal teams across offensive security, DFIR, and detection and response.

If you want to grow your GRC career in a role where the work is valued, varied, and grounded in the real world, this could be the perfect fit.

Key Responsibilities

• Conduct cybersecurity risk assessments aligned to ISO 27001, NIST CSF, Essential Eight and related frameworks
• Perform gap assessments and control maturity reviews for regulatory, compliance, and best-practice purposes
• Support the development and implementation of Information Security Management Systems (ISMS)
• Create board and executive-level reporting to communicate cyber risks and prioritise remediation
• Facilitate workshops and lead conversations with stakeholders across technical and business functions
• Work closely with internal experts in SOC, red teaming, and DFIR to ground recommendations in operational realities
• Build lasting relationships with clients and support them throughout their cyber maturity journey

Experience & Skills

• 2–4 years of experience in cybersecurity GRC, ideally across multiple sectors or clients
• Practical knowledge of ISO 27001, NIST CSF, and Essential Eight
• Experience conducting risk assessments and drafting core security documentation (e.g., risk registers, policies, reports)
• Strong communication and engagement skills with business and technical audiences
• A proactive, consultative approach to understanding and validating control environments
• Technical awareness of security operations and engineering concepts
• Willingness to learn, take initiative, and own deliverables in a collaborative team setting

Certifications

Required:

• ISO 27001 Lead Implementor or Auditor
• One or more of the following: CISSP, CISM, CISA (or working towards)

Preferred:

• SABSA or CRISC
• ITIL Foundations
• Additional governance or cloud-related security certifications

What We Look For

• Excellent written and verbal communication
• Strong attention to detail and structured thinking
• Ability to balance autonomy with teamwork in a fast-paced environment
• A genuine interest in helping organisations improve their security maturity
• Client-first mindset with professional integrity

KPI's

• Timely, high-quality delivery of client engagements
• Positive stakeholder feedback and repeat client engagements
• Development and contribution to internal documentation and toolkits
• 75–80% billable utilisation
• Active engagement in professional development

Reporting Line

Reports to: Senior GRC Consultant

Works with: Advisory team, technical practices, and clients

Team culture is everything to Triskele Labs and it is the reason we exist. We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer. We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.

We provide our team a great range of additional benefits such as:

• Hybrid Flexibility: Work two days per week from our Melbourne CBD office, and remotely the rest of the week (subject to client needs)
• Varied Client Engagements: Collaborate with organisations of all sizes, across industries and maturity levels
• Career Development: Access ongoing mentorship, structured training pathways, and certification support
• Real-World Cybersecurity Exposure: Collaborate with our internal red team, SOC, and incident response units to deepen your practical understanding
• People & Culture: Participate in team events, offsites, and connection initiatives run by our dedicated People & Culture team

If you’ve made it this far, there’s a good chance you’re who we’re looking for!

At Triskele Labs, we value initiative and attention to detail—so please include a cover letter addressed to Rob Barry, Chief Operating Officer, with your application. Applications without a cover letter will not be progressed.

Working Arrangements

The role is full time, Monday to Friday in our Collins St Melbourne office, with hybrid working arrangements: two days in-office, three days remote (client needs may vary). Occasional interstate travel may be required.