Cyber (Non-OS Vulnerability Management)

CareCone Group

Position- GRC Consultant – Cyber (Non-OS Vulnerability Management)

Exp- 7+ yrs

Skill- GRC, cyber risk, vulnerability management

Job Type- Contract

Location- Melbourne

JD-

Role Summary-

We are seeking an experienced GRC Consultant – Cyber to drive governance and maturity of non-OS vulnerability management across enterprise application and platform environments.

This role focuses on cyber risk oversight, exception management, and vulnerability treatment strategy, ensuring risks are effectively assessed, governed, and aligned with enterprise security standards, while remediation execution remains with delivery teams.

Required Skills & Experience-

  • Strong background in GRC, cyber risk, and vulnerability management
  • Experience with application/platform vulnerabilities (non-OS)
  • Knowledge of frameworks: ISO 27001, NIST, CIS
  • Hands-on exposure to tools like Qualys, Tenable, Snyk, or similar
  • Expertise in risk assessment, exception management, and compliance
  • Strong stakeholder engagement and communication skills
  • Familiarity with DevSecOps / SDLC security practices

Key Responsibilities

Governance & Risk Oversight

  • Define and implement non-OS vulnerability management frameworks, policies, and standards
  • Establish governance forums, escalation paths, and decision-making processes
  • Ensure compliance with regulatory, audit, and enterprise security requirements

Exception & Treatment Management

  • Manage remediation exceptions and risk acceptance lifecycle
  • Validate compensating controls and residual risks
  • Drive risk-based treatment plans with application and platform teams

Cyber Risk Management

  • Perform risk assessments for vulnerabilities that cannot be remediated
  • Enable risk-based decision-making aligned to business risk appetite
  • Ensure proper documentation, tracking, and periodic review of accepted risks

Tooling & Capability Uplift

  • Lead tooling strategy, evaluation, and automation initiatives
  • Improve vulnerability management maturity and processes
  • Support training and adoption across delivery teams

Security Improvement & SDLC Integration

  • Oversee remediation outcomes from pen tests, audits, and assessments
  • Promote secure-by-design and DevSecOps practices
  • Ensure vulnerabilities are identified and treated before production release

Stakeholder Management

  • Collaborate with Cyber, Application, Infrastructure, and Operations teams
  • Provide risk insights to senior leadership and governance forums
  • Influence prioritization based on risk severity and business impact

Interested candidates can share their updated resumes on ***email_hidden*** OR reach out to me on +61 2 90559939.