IT Risk and Compliance Analyst

Job no: 539447
Work type: Full time
Location: Melbourne, Sydney
Categories: Information Technology

📢 We’re Hiring: IT Risk and Compliance Analyst

📍 Location: Macquarie Park, NSW or Melbourne CBD, VIC

🕒 Employment Type: Full-time

💼 Industry: Information Technology

💰 Salary: Competitive + Benefits

Be part of something bigger. Be part of ISS.

We’re looking for an experienced IT Risk and Compliance Analyst to be based at either our Melbourne CBD or Macquarie Park (Sydney) office, employed on a full-time basis.

🛠 Purpose and Responsibilities

This position is responsible for supporting ISS Pacific’s cybersecurity, vulnerability management, IT risk, and compliance operations by assisting in the identification, analysis, documentation, and coordination of key security and governance activities across the technology environment.

Reporting to the IT Risk & Compliance Specialist, you will work closely with Infrastructure, Applications Solutions and Security Operations teams to ensure risks are identified and managed, vulnerabilities are remediated in a timely manner, and governance obligations are consistently met. You will also collaborate with internal stakeholders, vendors and external auditors to maintain accurate compliance records, support security assurance activities, and contribute to ongoing cybersecurity uplift initiatives.

As a key member of the IT Risk and Compliance function, you will demonstrate professionalism, accountability, and a strong willingness to learn, supporting the organisation’s commitment to maintaining a secure and compliant technology landscape.

  • Support vulnerability management by analysing scan results, documenting risks, tracking remediation, and assisting with BAS activities.
  • Assist with IT risk assessments, policy maintenance, compliance documentation, and audit evidence collection.
  • Help coordinate patch management by compiling patch data, tracking exceptions, and maintaining dashboards.
  • Contribute to cybersecurity projects through meeting coordination, documentation, and basic technical support.
  • Support security audits by gathering data, updating asset lists, documenting findings, and tracking remediation.
  • Assist with client security questionnaires by preparing evidence packs and maintaining standard compliance documentation.

🎁 What We Offer

  • Flexible work arrangements tailored to you.
  • Macquarie Park office – onsite parking and a 4-minute walk from the Metro train station and buses
  • Melbourne CBD office – central location, close to public transport
  • Exclusive staff discounts with a wide range of partners.
  • Learning & development programs to support your career growth.
  • Global career pathways – opportunities to grow within ISS worldwide.
  • A positive team culture where your success is celebrated.

What You’ll Bring

Key Skills, Knowledge, and Experience

Qualifications & Foundational Knowledge

  • Certificate, Diploma, or Bachelor’s degree in Information Technology, Cybersecurity, Information Systems, or a related discipline.
  • Foundational understanding of cybersecurity concepts, including vulnerability management, patching, and endpoint security.
  • General knowledge of IT infrastructure, including servers, endpoints, networks, and asset management.

Security, Risk & Compliance

  • Familiarity with vulnerability scanning tools such as Rapid7, Qualys, or Nessus, with the ability to interpret and triage basic findings.
  • Understanding of patch management processes, remediation tracking, and compliance reporting.
  • Knowledge of IT risk management principles, security controls, and compliance frameworks including:
    • ISO 27001
    • NIST Cybersecurity Framework (CSF)
    • Australian Essential Eight
  • Basic understanding of identity and access management (IAM) concepts, including single sign-on (SSO).

Communication & Stakeholder Engagement

  • Strong written communication skills, with the ability to document risks, audit findings, remediation actions, and project updates clearly.
  • Ability to translate technical information into clear, concise summaries for non-technical stakeholders.
  • Effective collaboration with Infrastructure, Security, SOC, and Audit teams to support security and compliance outcomes.
  • Proactive stakeholder follow‑up to ensure remediation actions and compliance tasks are completed on time.

Coordination, Reporting & Documentation

  • High attention to detail when maintaining dashboards, trackers, and compliance documentation.
  • Strong coordination skills for meetings, project updates, audits, and evidence gathering.
  • Ability to maintain and manage libraries of documentation, including standard responses, policies, procedures, and compliance artefacts.

Bonus qualifications and experience (Desirable):

  • CompTIA Security+ and ITIL Foundation
  • Experience participating in audits (internal and external)

How to Apply:

Click on the 'apply' link and complete the online application.

Our Commitment:

ISS fosters a culture of inclusion and diversity, welcoming applications from Aboriginal and Torres Strait Islander peoples, veterans, people with disabilities, individuals from diverse cultural backgrounds, and LGBTIQA+ communities. We are committed to fair pay and a safe working environment.

Learn more about ISS in Australia and New Zealand on our website.

Please note: No agency applications are accepted

Advertised: AUS Eastern Daylight Time
Applications close:
