Governance, Risk and Compliance Analyst

Gilbert + Tobin
Date: 8 hours ago
City: Sydney, New South Wales
Contract type: Full time

About us

Gilbert + Tobin is built on enduring values of excellence, trust, respect, integrity and good corporate citizenship. We are a leading firm with over 500 lawyers, trusted by our clients to navigate today’s increasingly complex world.


We are purpose-built for our clients’ most complex work - across transactions, disputes and regulation. Our partners are leaders in their fields, delivering the highest quality of legal advice and providing an exceptional edge for our clients. They also provide our lawyers the opportunity to work with and learn from them. We are innovators in the use of technology, redefining value and service in the legal industry.


Our open, merit-based culture attracts and inspires the best legal talent. Founded in 1988, G+T’s journey has been one of relentless ambition and rapid progress, achieving extraordinary success in just over three decades.

We remain as determined as ever to be the best it’s possible to be.


Role Overview

We are looking for a proactive and detail-oriented Governance, Risk and Compliance (GRC) Analyst to join our Information Security team. This is a pivotal role supporting the maturity of our GRC program, driving compliance, risk mitigation, and governance across technology and security.


You'll contribute to a firm that’s embracing automation and cloud-native governance to deliver a smarter, more scalable approach to cyber risk management. You’ll play a key role in internal and external audits, third-party assessments, risk tracking, policy documentation, and awareness training, while championing continuous improvement and security enablement.


Key Responsibilities

  • Maintain and enhance the GRC framework to meet evolving regulatory, contractual, and industry standards (e.g. ISO 27001, SOC 2, Privacy Act).
  • Conduct internal risk assessments and manage the enterprise risk register in collaboration with key business and technology stakeholders.
  • Support external audits and client security assessments, ensuring timely responses, evidence collection, and remediation tracking.
  • Perform third-party security reviews including vendor onboarding assessments and ongoing compliance monitoring.
  • Drive awareness and training initiatives to promote a risk-aware culture and support security governance objectives.
  • Champion automation and cloud-native tools to streamline compliance monitoring, enforce security policies, and scale GRC operations.


About you

  • Previous commercial experience in cyber risk or compliance.
  • Working knowledge of information security standards and risk frameworks (e.g. ISO 27001, NIST CSF, ASD8).
  • Comprehensive knowledge of technology and security domains, including network and wireless security, application security, infrastructure hardening, security baselines, as well as web server and database security.
  • Experience supporting audits, managing risk registers, and conducting vendor assessments.
  • Awareness of cloud governance (AWS/Azure), security controls, and privacy-by-design principles.
  • Certifications such as ISO 27001 Lead Implementer/Auditor, CISA, CRISC, or equivalent would be highly advantageous.


What we offer

  • A supportive and flexible work environment.
  • Top-of-market remuneration and a range of benefits including 26 weeks’ paid parental leave, additional annual leave, subsidised café and gym membership, end-of-trip facilities, exclusive retail discounts, social events and much more, which you can view here: https://www.gtlaw.com.au/careers/benefits
  • Beautiful sunlit open-plan offices with panoramic views of the city and easy access to public transport, restaurants, cafes and exercise facilities.


How to apply

Please submit your interest via our careers website with a resume.


Should you have any questions about the role, or require an adjustment to participate in the recruitment process, please contact gtcareers.com.au


We are committed to providing and maintaining a diverse and inclusive environment and a culture where everyone feels valued and empowered to contribute.