At NCS Australia, we believe in doing technology services better. Our commitment to quality, focus on people, and willingness to challenge traditional thinking set us apart. Our team brings this belief to life by partnering with our clients and communities to make tomorrow together.
We are committed to creating an environment that prioritises innovation, collaboration, and purposeful work. Our diverse team is empowered to make a meaningful impact with curiosity, creativity and resilience to shape better outcomes. Join us and accept the challenge of creating a better tomorrow.
Job DescriptionKickstart your cybersecurity career with NCS AU! We are seeking an ambitious Graduate Cyber GRC Analyst to join our forward-thinking, AI-enabled cyber team. This is a structured, capability-building pathway designed to fast-track your practical experience in Governance, Risk, and Compliance (GRC). Mentored by seasoned cyber practitioners, you will develop a rock-solid foundation in information security while learning how to effectively protect our business, our people, and our clients.
In this role, you won't just be learning traditional frameworks; you will be operating at the cutting edge of the industry. We actively encourage the use of approved AI tools (such as Microsoft Copilot) to accelerate policy drafting, streamline threat research, and drive business efficiencies. You will get hands-on, end-to-end exposure to risk management, control uplift, compliance monitoring, and audit readiness against leading industry standards like ISO/IEC 27001 and the ASD Essential Eight.
As a developmental position, we don’t expect you to know everything on day one. Success will be measured by your enthusiasm for learning, your progression through our structured training, the quality of your outputs, and how well you align with NCS AU’s collaborative, value-driven culture. If you are ready to build a modern cyber career with the tech of tomorrow, this is the launchpad you have been looking for.
Governance, Risk & Compliance (GRC)
Framework Alignment: Support control validation, audit prep, and documentation for frameworks including ISO/IEC 27001 and ASD Essential Eight.
AI Optimization: Leverage approved AI tools (e.g., Microsoft Copilot) to accelerate policy drafting, control mapping, and evidence synthesis.
Risk & Reporting: Maintain risk registers, track remediation, and prepare KRI dashboards and compliance reports for cyber leadership.
Risk Assessment & Compliance Monitoring
Risk Evaluation: Conduct operational and third-party risk assessments, tracking treatment plans and residual risks.
Continuous Monitoring: Monitor compliance against regulatory, contractual, and internal security frameworks (including PSPF).
Gap Analysis: Utilize AI-assisted research to monitor the threat landscape, identify non-compliance, and support remediation planning.
Third-Party Risk Management (TPRM)
Vendor Due Diligence: Evaluate vendor security postures, manage questionnaires, and maintain the vendor risk register.
AI Risk Governance: Assess AI-related risks in third-party products (e.g., data residency, training data governance).
Customer Assurance: Support responses for tenders and customer-facing security assessments.
Security Awareness & Culture Uplift
Culture Champion: Promote a strong security culture and deliver engaging awareness materials, inductions, and user guidance.
AI Literacy: Develop specific awareness content regarding the acceptable, responsible use of AI tools and data handling.
Continuous Improvement: Identify opportunities to optimize GRC workflows and actively contribute to the broader cyber team's maturity.
Qualifications & Knowledge
Education: A Bachelor’s degree in Cybersecurity, IT, Computer Science (or a related discipline), or equivalent passion and self-directed learning.
GRC Foundations: A basic understanding of risk management, data protection, and frameworks like ISO/IEC 27001 or the ASD Essential Eight.
AI Curiosity: A strong interest in how AI tools and automation can improve cyber governance, with a basic awareness of AI data sovereignty considerations.
Certifications (Bonus): Entry-level certs like Security+ or ISO 27001 Foundation are highly regarded but not mandatory.
Skills & Attributes
Analytical Mindset: Excellent attention to detail with the ability to research methodically, use AI-assisted tools responsibly, and know when to escalate risks.
Strong Communicator: Ability to write clear documentation (policies, reports, PowerPoint decks) and explain cyber concepts to both technical and non-technical audiences.
Collaboration & Integrity: A team player who manages time well, handles confidential information with total discretion, and welcomes feedback as a tool for growth.
Why join us:
NCS Australia is where you can feel at home, nurturing your talents and skills as we make tomorrow together, one day at a time. Our benefits include paid parental leave, initiatives focused on your well-being and discounted health insurance. You will also enjoy discounts on various products and services and be regularly recognised and rewarded for high performance. We are committed to your career development through our Capability Fingerprint, industry and partner training programs, special interest groups, and an AI-driven learning platform. No matter where you are in your career, we offer meaningful work and opportunities for growth.
NCS Australia is an equal-opportunity employer, and we take pride in our commitment to valuing and supporting our people and the communities we serve.We are dedicated to attracting, retaining and developing our people regardless of gender identity, ethnicity, sexual orientation, disability and age. Applications are encouraged from all sectors of the community and we strongly encourage applications from the Veterans, Aboriginal and/or Torres Strait Islander community.
At NCS Australia, we are committed to supporting adjustments throughout the recruitment and selection process, as well as during employment. We actively support and encourage people with disability to apply.
Agencies:
We’ve got this. We request that you do not contact NCS employees outside of the Talent Acquisition team. NCS exclusively accepts resumes from agencies on our preferred supplier panel through the NCS Agency Portal. Agencies that submit resumes must have a valid fee agreement and be assigned to the particular requisition by the Talent Acquisition team. Any resumes that are submitted outside of this process will become the sole property of NCS. If a candidate is hired outside of this process, no fee or payment will be given.
Work rights and background checks:
To be eligible for a position with us, applicants will need to have valid work rights for Australia and be willing to undergo a comprehensive background checking process, including probity and police checks
