Cyber Security – Governance, Risk and Compliance Specialist (AU)

Work with cutting edge AI technology, making the world a safer and more secure place. DroneShield (ASX:DRO) offers an opportunity to solve some of world’s most challenging technical problems in the rapidly growing counter-drone sector.   

Our customers operate in some of the most challenging and high-stakes environments in the world, including military organisations, government agencies, airports, critical infrastructure operators, and law enforcement. Protecting airspace in these settings requires technology that performs under pressure and teams that understand what’s at stake. At DroneShield, employees work at the leading edge of counter-drone innovation, helping to address real-world security challenges as drone threats continue to evolve globally. 

With one of the largest listed defence company market capitalisations in Australia, now part of the ASX200 index, DroneShield is experiencing a period of hypergrowth. Revenue has surged from A$57 million in 2024 to over A$217 million in 2025, representing growth of more than 400% year-on-year, with record profitability and cashflow. The total addressable global market for counter-drone is assessed at approximately $100 billion, and is currently at the nascent stage with much of the growth still to come, with DroneShield well positioned as a global market leader, and the only public listed pure-play business in this sector.   

The company has grown from 11 employees in 2017 to over 450 staff globally today, and is on track to reach around 550 by the end of 2026. This expansion includes investment of over A$50 million annually in R&D, a global pipeline exceeding A$2.5 billion, and continuous scaling of production capacity to meet accelerating demand.  

The role is based at DroneShield’s central Sydney headquarters. Overseas on-the-ground presence includes Virginia (USA), Netherlands, Denmark, Mexico and Dubai, as well as distributors in over 70 countries worldwide. 

About the role

The Security team is a nimble team responsible for protecting DroneShield's assets and users. Our adversaries are sophisticated and use state-of-the-art tooling. To protect DroneShield, we need to focus on the biggest risks, eliminate threats, focus on automation to scale our efforts and continually increase the cost for the attackers.

At DroneShield, we aim to achieve the highest levels of security through strong controls assurance, effective governance, and risk management that leadership can rely on to make informed decisions. This role approaches GRC with an engineering‑led mindset, focusing on practical frameworks, automation, and tight integration with broader security and privacy functions.

As a GRC Specialist, you will bring curiosity and rigour to understanding security risks - both technical and organisational. You’ll work closely with teams across the business to identify blind spots, close gaps, and ensure that security risks are well understood and appropriately managed.

A core part of this role is developing effective ways to collect, normalise, analyse, and report on our security posture. You will help establish GRC as a trusted source of risk insight for internal stakeholders and executives, delivering clear, data‑driven reporting that supports decision‑making.

You will be expected to champion low‑friction, high‑quality evidence collection and the use of automation across control design and assurance activities. The goal is not compliance for its own sake, but scalable, reliable security governance that keeps pace with a fast‑growing, technology‑driven organisation.

Strong communication skills and stakeholder management are a must have.

Responsibilities, Duties and Expectations 

• Supporting and continuously improving the organisation’s risk management framework, including risk identification, assessment, treatment, and reporting
• Maintaining and operating an Information Security Management System (ISMS) aligned to ISO/IEC 27001, including control design, evidence collection, and continuous assurance activities
• Ensure compliance with a wide range of frameworks and standards, including ISO 27001, ISM, PSPF, DSPF, ASD E8, DISP, and NIST
• Developing, reviewing, and maintaining security policies, standards, and procedures that are clear, practical, and aligned to business needs
• Working with engineering, security, IT, legal, privacy, and business teams to ensure controls are implemented effectively and risks are properly understood
• Coordinating and contributing to internal audits, external audits, certifications, and surveillance activities
• Managing third‑party risk lifecycle, including security questionnaires, risk reviews, and ongoing vendor monitoring
• Helping to improve automation, tooling, and reporting around compliance and assurance activities to reduce manual effort and improve insight

Qualifications, Experience and Skills 

• BS degree in Computer Science, Information Technology or similar technical field of study or equivalent practical experience
• Minimum 5 years’ experience in related roles. Roles could include:
• • GRC Consultant
  • GRC Analyst
  • GRC Engineer
  • GRC Officer
  • Cyber Security Risk Analyst
  • Privacy and Compliance Specialist
• Knowledge of the following is essential:
• • Experience supporting or operating an ISMS, including audits, risk registers, and control evidence
  • Strong and demonstrable practical experience with risk management frameworks and methodologies
  • Hands-on experience managing the third-party lifecycle, including compliance, onboarding, monitoring, and off-boarding
  • Proven ability to develop and implement security policies and procedures
  • Foundational understanding of hybrid infrastructure, including cloud platforms (e.g., AWS) and on-premises servers
• Required Skills:
• • Strong written and verbal communication skills, with the ability to explain risk and compliance topics to both technical and non‑technical audiences
  • Good stakeholder management skills and the confidence to work with teams across engineering, operations, and leadership
  • A detail‑oriented mindset, balanced with the ability to prioritise what matters most from a risk perspective
  • A pragmatic approach to compliance — focused on meaningful risk reduction, not checkbox exercises
  • Curiosity and initiative, with a willingness to dig into unfamiliar areas and ask the right questions
  • The ability to manage multiple workstreams and deadlines in a growing organisation
• Nice to have:
• • Relevant security or GRC‑related certifications, training, or progress toward certification
  • Experience with GRC or compliance tooling (e.g. Vanta, Drata, ServiceNow, or similar)
  • Exposure to privacy regulations or regulated environments (e.g. Australian Privacy Act, critical infrastructure, government, or defence‑related industries)
  • Basic scripting or automation experience (e.g. Python, APIs) to support compliance workflows

Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.