Cyber Governance Risk & Compliance Specialist
Boral
Office
Metropolitan, Sydney
Full Time
Your next opportunity
We are seeking a hands-on and operationally focused Cyber Governance & Risk Compliance Specialist to enhance Boral’s technology posture by leading the development and implementation of robust governance, risk, and compliance (GRC) frameworks. The Cyber GRC Specialist will bridge governance with engineering, embedding controls into processes, systems, and cloud environments, and will partner closely with cyber operations, IT, and audit teams to ensure security requirements are practical, measurable, and resilient. This role is ideal for someone with a governance mindset, solid influencing skills and a passion for how things work under the hood.
Your day will involve:
Governance, Risk & Compliance
- Develop, deliver, and maintain IT and cyber security standards to protect data, information systems, and industrial control systems across Boral
- Maintain a comprehensive cyber risk register and feed insights into the broader organisational risk framework
- Provide inputs into risk assessments across IT services, ensuring alignment with the NIST Cyber Security Framework
- Deliver and maintain cyber risk mitigation plans in collaboration with IT stakeholders
- Assess key vendors for compliance with Boral’s cybersecurity standards
- Translate risk scenarios into actionable technical control requirements
Technical Engagement & Control Validation
- Collaborate with cyber engineering and operations teams to understand how controls function in real-world environments (e.g., log flows, IAM, vulnerability management)
- Support threat modelling and technical risk assessments across IT and OT environments
- Review misconfigurations, patch hygiene, and security findings to determine true business risk
Assurance, Audit & Awareness
- Coordinate internal and external cyber audits
- Work with IT, infrastructure, and vendors to ensure effective business continuity and disaster recovery strategies are in place
- Contribute cyber risk insights to disaster recovery planning and exercises and drive cyber safety and awareness initiatives across the organisation.
What are we looking for?
- Bachelor’s degree in computer science or information systems
- Qualifications in IT security - CISSP, CISM
- Experience developing and implementing a cybersecurity approach using common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), NIST Framework, MITRE and ASD Top 10
- Has successfully performed risk, business impact, control and vulnerability assessments, and defined treatment strategies
- Experience participating in technical security reviews or audits.
What’s on offer?
- Attractive salary package reflective of your skills and experience
- Genuine career growth opportunities within Boral
- Ongoing mentoring and guidance from industry leaders and subject matter experts
- Broaden your horizons through exposure to our integrated operations
- Modern offices and workstations, close to public transport options and with free on-site parking
- Work for a values-based business that shares goals and celebrates individual and team success
- Work for an Equal Opportunity Employer – At Boral, we understand that diversity brings many benefits, and we are increasingly encouraging greater diversity within our workplaces
- We are Australian-owned and operated
- Opportunity to purchase additional leave
- Generous paid parental leave entitlements.
August 6, 2025