Skip to content

Cyber Security - Governance, Risk and Compliance Specialist (AU)

DroneShield Group Pty LtdSydney, NSW, AustraliaJuly 10, 2026
On-site
Full-time
GRC
Senior · 5+ yrs

Work with cutting edge AI technology, making the world a safer and more secure place. DroneShield (ASX:DRO) offers an opportunity to solve some of world’s most challenging technical problems in the rapidly growing counter-drone sector.   

Our customers operate in some of the most challenging and high-stakes environments in the world, including military organisations, government agencies, airports, critical infrastructure operators, and law enforcement. Protecting airspace in these settings requires technology that performs under pressure and teams that understand what’s at stake. At DroneShield, employees work at the leading edge of counter-drone innovation, helping to address real-world security challenges as drone threats continue to evolve globally. 

With one of the largest listed defence company market capitalisations in Australia, now part of the ASX200 index, DroneShield is experiencing a period of hypergrowth. Revenue has surged from A$57 million in 2024 to over A$217 million in 2025, representing record profitability and cashflow. The total addressable global market for counter-drone is assessed at approximately $100 billion, and is currently at the nascent stage with much of the growth still to come, with DroneShield well positioned as a global market leader, and the only public listed pure-play business in this sector.   

The company has grown from 11 employees in 2017 to over 450 staff globally today, and is on track to reach around 550 by the end of 2026. This expansion includes investment of over A$50 million annually in R&D, a global pipeline exceeding A$2.5 billion, and continuous scaling of production capacity to meet accelerating demand.  

The role is based at DroneShield’s central Sydney headquarters. Overseas on-the-ground presence includes Virginia (USA), Netherlands, Denmark, Mexico and Dubai, as well as distributors in over 70 countries worldwide. 

About the role

DroneShield is looking for a GRC Specialist with strong ISO 27001 experience to own and mature our Information Security Management System (ISMS) and strengthen governance and risk management across the business. This role is central to ensuring our security posture remains audit-ready, consistently governed across global operations, and aligned to business risk and decision-making.

You will own ISO 27001 and core GRC processes, including recertification, surveillance audits, continuous improvement of the ISMS, and the development of scalable, low-friction compliance processes. You will also support alignment with frameworks such as ISM, PSPF, DISP, CMMC and NIST where required.

You will also own and mature DroneShield’s supply chain and vendor risk management programme.

We are looking for someone who brings an engineering-led mindset to GRC — using automation, integration, and data-driven reporting to improve assurance, evidence collection, and executive visibility of risk.

Responsibilities, Duties and Expectations

  • Own and improve the ISO 27001 ISMS, including recertification, surveillance audits, and continuous improvement activities. 

  • Define and operate governance structures, including control ownership, policy lifecycle management, and internal assurance cadence. 

  • Lead internal audits, identify non-conformities, and drive remediation to closure. 

  • Maintain a structured cyber risk register and provide clear executive-level reporting to support risk-based decision-making. 

  • Design and implement automation for assurance, compliance, and evidence collection activities. 

  • Lead control validation and broader GRC assurance activities across the business. 

  • Respond to customer and regulatory assurance requirements using efficient, scalable processes.

  • Work closely with Security, IT, Engineering, and Operations to improve governance and control effectiveness across global operations.

Qualifications, Experience and Skills 

  • BS degree in Computer Science, Information Technology, or a similar technical field, or equivalent practical experience. 

  • Demonstrated experience operating or owning an ISO 27001 ISMS and audit lifecycle. 

  • Minimum 5 years’ experience in related roles, which may include: 

-          GRC Consultant 

-          Security Engineer 

-          Security Analyst 

-          Compliance and Risk Officer 

  • Essential knowledge and experience: 

-          Project management techniques and processes 

-          Vendor and customer compliance programmes 

-          Strong practical experience visualising security control information, including dashboards, integrations, or other risk-related reporting 

-          Large-scale data and information handling 

-          Risk management and ISO 31000 

-          Corporate, infrastructure, and cloud security fundamentals 

-          Identity and access management 

  • Desirable: 

-          Comfortable working on the command line in a Linux-first environment 

-          Familiarity with RESTful APIs 

-          Familiarity with AI and LLM technologies 

Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.

Job Details

Experience

Senior · 5+ yrs

Tools & Tech

Linux