Senior IRAP Compliance Analyst
Sydney, AU
Full Time | Senior-level / Expert | Clearance required | AUD 180K - 247K *
Smartsheet
Smartsheet enables teams to manage projects, automate processes & scale programs in one powerful platform. Maintain visibility & keep distributed teams connected.
This position reports to: Head of SecEng or CISO
We’re looking for a highly motivated, collaborative and technically experienced Cyber Security Professional with the ability to understand and influence cloud operational and security processes, effectively communicate our organisation’s controls including intent, and drive changes within the organisation through effective testing. The successful candidate must be reliable, resourceful and have a positive attitude.
In this position, you will be involved in leading and managing the IRAP compliance program for our organization. This will include liaising with government agencies and third-party auditors, as well as internal engagement with SMEs, so it requires a holistic understanding of regulatory requirements and how they can be implemented within a cloud environment.
You will be a key member of our team and you will play an important role in defining the framework for the Smartsheet IRAP compliance effort, including identification of documentation requirements and a schedule for continuous monitoring. In this role you will be required to demonstrate the ability to analyse difficult problems, think outside the box and provide pragmatic solutions and recommendations.
Our current compliance initiatives are focused on, but not limited to, Spain’s ENS, Germany’s TISAX, Japan’s ISMAP, Australia’s IRAP, Singapore’s MTCS, and other important global programs such as ISO 27001, ISO 27002, ISO 27017, ISO 27018, PCI, SSAE 18, and SOC 2.
You Will:
- Perform activities to help measure and monitor IRAP compliance with company policies and procedures
- Perform gap analysis of IRAP requirements in comparison with our existing NIST 800-53 security controls
- Facilitate certifier and assessor requests and information gathering for audit activities and lead the audit process
- Craft and revise security policies and procedures to enhance compliance with IRAP and other relevant security frameworks.
- Conduct activities to comply with the various Government Cyber Security requirements within Australia and the wider APAC region
- Successfully drive security compliance testing activities across various teams within the organisation
- Coordinate with various internal teams (IT, legal, CorpIT, etc.) and external stakeholders to ensure alignment and understanding of compliance requirements and strategies.
- Contribute by enhancing and maturing the existing common control framework
- Liaise with the Risk Management team and assist with security risk assessment activities and development of security controls and documentation, as needed
- Monitor regulatory changes relevant to IRAP and adjust compliance strategies as necessary.
- Advocate for best practices in security and compliance
- Contribute towards enhancing the policies and processes that are a part of our compliance requirements, and understand how they meet compliance business needs
You Have:
- 8+ years working in the field of cyber security compliance, security risk or audit
- Direct and current working experience with Australian IRAP and at least one other compliance program from among the following: UK Cyber Essentials Plus, ISO 27001, PCI, MTCS, SSAE18, and/or SOC2
- Prior experience working in the Security and Compliance group at a SaaS/Cloud company or with Security and Risk practice of a reputable auditing firm
- Relevant professional certifications such as CISSP, CISA, CISM are desirable
- Demonstrated experience working on large projects
- Experience using a GRC tool or system is desirable
- Excellent writing skills, ability to prepare and deliver compliance presentations and delivery of associated metrics
- Excellent verbal and written communication skills
- Ability to work effectively as a member of the Compliance Team to drive results for the Information Security Program
The candidate must be an Australian citizen currently holding a baseline security clearance, or willing to obtain a baseline security clearance.
Get to Know Us
At Smartsheet, we’ve created a place where everyone is welcome — people from all over the world, all backgrounds, all ages, all colours, and all beliefs working side by side. Here, everyone can make a difference and empower others to do the same. You’re encouraged to apply even if your experience doesn’t precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we empower everyone, everywhere to change the way the world works—join us.
Equal Opportunity Employer:
Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Australia, Japan, Costa Rica, and Germany. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Perks/benefits: Career development