Education Services Australia (ESA) was established by education ministers in 2010. We specialise in connecting policy, technology and practice. With this unique capability, we help advance nationally agreed education initiatives across Australia. Working with government and schools, we co-create and deliver technology-driven solutions that improve education outcomes – for everyone, everywhere. The Technology business unit comprises Assessment, NSIP, ICT, Systems Development, Product Strategy Technology, PMO, Risk and Information Security teams at ESA. Why work with us Work for a not-for-profit organization that provides true impact for students, teachers, parents, and carers We have received Xref Engage Best Workplace & Change Champion Awards 2025 Flexible working policy – 40% in the office and 35 hour week Office in a convenient location in the heart of the CBD Learn more about life at ESA here: Careers at ESA | Help shape the future of education About the role We’re seeking a skilled and motivated Governance, Risk, Compliance (GRC) & Security Analyst to join our Security team. In this role, you will support ESA in strengthening our information security practices, ensuring we meet our obligations, and helping build a cyber‑resilient and risk‑aware culture across the organisation. Key focus includes: Governance Maintain and improve security governance frameworks, policies, and documentation. Administer operational security governance forums and ensure appropriate escalation. Drive continuous improvement in oversight and security controls. Risk Conduct information security risk assessments for vendors, systems, and projects. Maintain risk registers and enhance risk management processes. Support business units with risk mitigation planning and decision‑making. Compliance Conduct or support internal security compliance reviews and assessments. Manage compliance assessments conducted by 3rd party vendors end-to-end (e.g., IRAP, Essential Eight). Develop templates and provide guidance to ensure security compliance requirements are met. Maintain and enhance incident response methodologies and processes to strengthen organisational readiness. Coordinate responses to moderate-level security incidents. Conduct incident training, simulations, and capability uplift activities. Reporting, Advice & Support Develop dashboards and metrics that communicate security posture. Manage cyber awareness and phishing simulation activities. Provide expert advice on security obligations, secure design, and technical controls. Coordinate the organisation’s response to vulnerabilities identified through the ASD CHIPs program. Who we're looking for Someone who brings expertise, energy, and a collaborative mindset Extensive experience in information security GRC, including policy development, stakeholder consultation, compliance activities, incident coordination, and awareness initiatives. Strong communication and interpersonal skills, with the ability to engage both technical and non‑technical audiences Ability to work independently and within a multi‑disciplinary team Strong problem‑solving ability and sound judgement Practical experience implementing ASD ISM and Essential Eight Experience with frameworks such as PSPF, ISO 27001, NIST CSF, OWASP Knowledge of cloud and on‑prem environments (Microsoft, Linux) Familiarity with secure development practices and CMS and LMS platforms, such as Umbraco or Moodle Experience or interest in the EdTech sector Understanding of privacy frameworks including the Australian Privacy Act, APPs, and GDPR Certifications include ISO 27001, CISM, CRISC, CISA, CISSP, and IRAP. What ESA offer At ESA we want everyone to succeed, irrespective of their gender, ethnicity, sexuality, physical ability or age. We welcome applications from Aboriginal and Torres Strait Islander peoples. In addition to a competitive remuneration package, ESA offers lifestyle benefits and a culture that allows people and ideas to flourish. Application Process If you don’t feel you meet every requirement we would still love to hear from you, you may be the right candidate for this or one of our other opportunities in the future. Please send your resume and cover letter through. #J-18808-Ljbffr