How can you help make a better world of work?
As a Security Analyst focused on Governance, Risk, and Compliance (GRC), your core mission will be to maintain trust and security throughout our ecosystem. This role is primarily responsible for managing our 3rd Party Vendor Security review process and assisting with timely, high-quality responses to customer security questionnaires.
You will work closely with Sales, Legal, and Procurement teams, ensuring our security documentation is accurate and our third-party ecosystem is secure. You will also help to foster a strong security culture internally.
Skills & Experience:
Risk Management (Third-Party Focus)
- Vendor Security Reviews: Complete third-party vendor security risk reviews for new and existing suppliers, gathering inputs, logging outcomes, and ensuring alignment with the Third-Party Security Management Standard in partnership with Procurement and Legal.
Customer Trust and Security Assurance
- Answering Customer Security Questionnaires: Assist, where required, with the timely completion of high-quality responses to customer and prospect security requests, due diligence questionnaires (DDQs), and information requests.
- Maintaining Trust Collateral (SafeBase): Proactively assist and help maintain all security and compliance documentation, artifacts, policies, and certifications within our Security Trust Centre (e.g., SafeBase) to enable a self-service experience for customers.
- Accelerating Deals: Partner with Sales and Legal to triage requests and ensure security communications are consistent and accelerate the sales cycle.
- Gathering Reporting Metrics: Collect and track key performance indicators (KPIs) related to customer security review SLAs, document engagement, and overall security assurance efforts for leadership visibility.
Security Culture and Awareness
- Security Awareness Campaigns: Assist with the design, coordination, and delivery of our hybrid cybersecurity awareness program.
- Internal Communication: Draft and schedule compelling security insights for internal newsletters, Slack, and email, translating complex policy and control requirements into clear, action-oriented guidance for all employees ("Campers").
- Security Champions Initiative: Support the operationalisation of the security champions program across business units to extend program reach and reinforce secure-by-default behaviours across the organization.
Security Compliance
- Program Assistance: Assist the GRC team with the ongoing management and maintenance of our key security compliance programs (e.g., ISO 27001, SOC 2), which includes coordinating evidence collection, documentation updates, and control attestations.
You have:
- Experience: 1-3 years of operational experience in a role focused on Security Assurance, Third-Party Risk (TPR) Management, or GRC. Transferable skills from adjacent domains are highly valued.
- Security Compliance Operations: Practical experience assisting with the management of security compliance programs (e.g., SOC 2, ISO 27001, or similar), including coordinating evidence collection from control owners and documenting attestations.
- Customer Trust Platform Expertise: Proven ability to manage and update content within a Security Trust Center platform (like SafeBase or similar), including document organization, access controls, and questionnaire response management.
- Third-Party Risk Process: Practical understanding of the vendor security review lifecycle, including the ability to triage, assess, and document risk findings for internal and external suppliers.
- Organisational Excellence & SLA Adherence: Excellent organization and prioritization skills with a proven track record of strong follow-through and working effectively toward defined service level agreements (SLAs) in a fast-paced environment.
- Enablement & Communication Skills: Clear and concise written communication, with the skill to translate complex security concepts (e.g., policy, controls) into practical, action-oriented guidance suitable for technical and non-technical internal teams.
- GRC Foundations: Familiarity with common security frameworks (e.g., SOC 2, ISO 27001, or similar) is a plus, and a high degree of curiosity, a learning mindset, and a positive, security-first attitude are essential.
Desired (Highly Regarded) Qualifications:
- Industry-recognised qualifications (e.g., Security+, CISA, CRISC, CSA or similar).