IT Risk, Security & Governance Specialist

Toll Group

  • Melbourne, VIC
  • Contract
  • Full-time
  • 13 days ago
About Toll GroupAt Toll, we do more than just logistics - we move the businesses that move the world. Our 16,000 team members can help solve any logistics, transport, or supply chain challenge – big or small. We have been supporting our customers for more than 130 years. Today, we support more than 20,000 customers worldwide with 500 sites in 27 markets, and a forwarding network spanning 150 countries. We are proudly part of Japan Post —Join Our Cybersecurity Team as an IT Risk, Security & Governance AnalystReady to make a real impact in cybersecurity by shaping secure systems and ensuring government compliance?We are looking for a skilled and detail-oriented IT Risk, Security & Governance Analyst to play a key role in maintaining alignment with the Australian Government Information Security Manual (ISM). In this role, you’ll focus on analysing security controls, managing application whitelisting, and producing high-quality documentation and reports.You’ll collaborate with technical teams, risk managers, and compliance stakeholders to assess platform security and support secure application deployment. If you're ready to make a meaningful impact in a dynamic cybersecurity environment, we’d love to hear from you.This position is a fixed term contract to March 2027 which can be based in Melbourne, Brisbane or Sydney.As the IT Risk, Security & Governance Analyst you will:
  • Interpret and apply Australian Government security standards, including ISM controls, to ensure compliance across systems and platforms.
  • Assess application platforms for compliance with whitelisting and security requirements and support secure deployment and configuration.
  • Develop and maintain security documentation and reports, including standardised formats and evidence for audits and assessments.
  • Monitor and report on remediation activities for non-compliant systems, contributing to ongoing security improvements.
  • Prepare and update key security documents, such as SAD, BCP, DRP, Incident Response Plan, SSP, SSP Annex, ISM SoA,and SRMP.
  • Collaborate with internal teams to align security practices with operational needs and ensure consistent implementation.
What We’re Looking ForQualifications & Technical Skills
  • Certifications and Education: Holds relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer, along with tertiary qualifications in Cybersecurity, IT, or a related field.
  • Government and Framework Knowledge: Strong understanding of the Australian Government ISM, PSPF, ASD Essential Eight, and experience with IRAP assessments or working with IRAP assessors.
  • Technical Security Expertise: Skilled in application whitelisting technologies (e.g., Microsoft AppLocker, WDAC), endpoint protection, system hardening, and secure configuration baselines.
  • Security Reporting and Compliance: Proficient in preparing risk assessments, control mapping, and compliance documentation.
  • Security Tools and Processes: Knowledgeable in SIEM tools, vulnerability management, and incident response procedures.
  • Operating Systems and Standards Application: Solid understanding of Windows and Linux security controls, with the ability to apply security standards to real-world technical environments.
Experience
  • 5+ years of experience in cybersecurity or information security roles.
  • Strong background in security compliance, risk analysis, and audit support.
  • Experience in regulated environments, especially within government agencies, is highly desirable.
  • Proven ability to prepare security documentation and compliance reports effectively.
  • Skilled in cross-functional collaboration, working with IT operations, risk, and governance teams.
  • Demonstrated expertise in aligning security practices with organisational and regulatory requirements.
What moves you?At Toll, you can help play a vital role in delivering what matters. From food, fuel, medicine and rescue services, we keep businesses and communities thriving. Every day brings change. We see that as an opportunity. To be curious. To ask the right questions. And build meaningful connections. Because finding new ways to solve problems is what we do. With a bold vision to expand our global reach, our 16,000+ people bring a passion for progress. We collaborate in friendly, caring teams, supported by approachable leaders who give us the autonomy to quickly make decisions with impact. Learn and grow with industry-leading training, alongside talented experts. Feel empowered to take on diverse challenges and new responsibilities to move you, our customers, and our world further.Are you excited about this role but are concerned you don’t meet all the requirements? If you have similar skills and are willing to learn then we encourage you to apply anyway. We know that some people hesitate to apply for jobs unless they meet every single qualification. At Toll, we value a diverse, inclusive and authentic workplace, so if you’re interested in this role but your past experience doesn’t align perfectly then please talk to us – you may be just the right candidate for this or other roles we have coming up.At Toll everyone is welcome including those of all ages, ethnicities, genders and abilities.To find out more about us visit www.careers.tollgroup.comYou must be entitled to work in Australia and be prepared to undertake pre-employment checks including a criminal history check and medical.

Toll Group

Similar Jobs

  • IT Risk Manager

    Iress

    • Melbourne, VIC
    See yourself being part of a large, transformational change? This could be the role for you! At Iress, we make things happen We believe technology should help people perform be…
    • 9 days ago