Job Description
**About BDO**

At BDO Australia, our why is ‘empowering people, realising possibilities’. One way we bring this to life is by hiring and developing exceptional talent, to deliver on our wide array of audit, tax and advisory services.

**About the Role**

Working for BDO you will be part of a growing and market leading professional services firm.
Our national and global footprint provides our people with opportunities to work on interesting client engagements, across diverse industry sectors and services.
Our open and collaborative culture ensures access to Partners and professional mentors, to guide and accelerate your professional career, across a wide array of career pathways.
We provide our people with various health and wellbeing, social, financial, and professional development benefits to help realise what’s possible.

Participate in fitness challenges or take advantage of exclusive discounts to corporate health insurance, gym memberships and wellness facilities via our BWell program. Access benefits such as travel perks, retail discounts, free breakfast, employee referral rewards, study, and professional development support.

Our leave options cater to the unique needs of our people; and include enhanced family support, cultural and religious leave, and options to purchase additional leave. You can also give back and get involved in community initiatives via our BCaring program.

With a strong focus on learning and growth, we provide on the job training and formal development programs to help you succeed in your role and develop your skills and experience.
Our culture is underpinned by our core values (One, Bold, Human, Heart and Strive). We are proud to be recognised as an Inclusive Employer by the Diversity Council of Australia and an Employer of Choice by the Workplace Gender Equality Agency (WGEA).

As a Senior Consultant within BDO’s Cyber Security Practice, you will play an important role in the delivery of Governance, Risk, and Compliance (GRC) and Essential Eight (E8) engagements. This is an individual contributor role ideal for cyber professionals who have an excellent understanding of GRC, E8 and Cyber Security better practices and are looking to work within a supportive, highly functioning team as they take their career to the next level. You will be working on interesting GRC and E8 engagements, helping a range of clients develop and manage robust, technically sound frameworks that align with both business objectives and regulatory requirements.

You will play an important part in the team by providing a comprehensive range of GRC and E8 services, including risk assessments, compliance audits, policy development, third-party risk management, E8 audits and enabling the implementation of security controls.

**Key Duties and Responsibilities**

* Deliver GRC and E8 related projects under the guidance of our GRC leadership team
* Work closely with an engagement manager to deliver GRC related services, covering:
  + ISMS/ISO 27001 implementations and gap assessments
  + E8 assessments and maturity reviews
  + Security strategy, maturity assessments and roadmaps
  + Cyber security health checks against better practice standards (e.g. ISO 27001, E8, NIST CSF, ACSC Essential 8, APRA CPS 234, AESCSF, etc.)
  + Threat Risk Assessments across Cloud Service, Business Applications, IoT/OT functions.
* Work with other service lines to ensure holistic and fit-for-purpose cyber security outcomes
* Support Directors and Partners with client business development activities such as drafting of proposals and engagement letters
* Be active within the cyber security industry and community to stay on top of the latest technical security industry trends and build out your network.

**Skills/Attributes required**

* Strong knowledge, and demonstrable experience, of cyber security industry standards (e.g. ISO 27001, NIST CSF, etc.)
* Strong knowledge, and demonstrable experience, of implementing, or assessing, compliance with E8
* An understanding of threat risk assessment concepts (IT, IoT, SCADA, Cloud)
* Experience with explaining cyber security concepts to a technical and non-technical audience
* Advisory / consulting experience - either to external clients or internal teams
* Involvement in the cyber security community
* Anticipates needs and takes initiative without prompting.
* Seeks feedback, learns quickly, and applies insights to improve results.
* Delivers high‑quality work with strong attention to detail and accuracy.
* Prioritises effectively, plans work and meets deadlines consistently.

**Qualifications and Experience Required**

* 3+ years professional experience working in a related cyber security discipline
* Verifiable experience working with one or more relevant security frameworks, standards, or technical regulations (e.g., ISO 27001, NIST, PCI-DSS, AESCSF)
* Verifiable experience working with Essential 8 controls
* Familiarity with risk management and compliance tools and security technologies (e.g., firewalls, IDS/IPS, cloud platforms)
* A tertiary qualification in information technology, computer science, cyber security, or a related field is highly desirable (but not mandatory)
* Experience in a professional services environment is highly desirable (but not mandatory)