Security Advisor (GRC / Cyber)

  • Category: Security Services
  • Team: Consulting & Professional Services
  • Location: Canberra, ACT


Position at Trustwave

Trustwave is a leading cybersecurity and managed security services provider that helps businesses fight cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of managed security services, security testing, consulting, technology solutions and cybersecurity education, Trustwave helps businesses embrace digital transformation securely. In Australia, Trustwave is comprised of the legacy Hivint team who have joined forces with Trustwave and Optus Cyber Security. For more information about Trustwave, visit

  • Flexible work arrangements
  • $5k and 5 days' training / continued education allowance per year
  • Be a part of a collaborative and supportive team (you won’t feel alone!)
  • Career growth: receive mentoring, coaching, and support to progress your career

Everyone's voice matters here.  We aren’t looking for passengers, we’re looking for those interested in an opportunity to develop their skills and experience in information security and make a real difference.

In short, to work here, you need to give a s*** - after all, it could be your data you're protecting.

In return for your commitment, we will develop you personally and professionally in the company of competent colleagues, and you will have a professional development budget at your disposal each year for just that. We also want to recognise and reward your ongoing efforts and have a range of ways of doing that, from an annual bonus, flexible work arrangements, to cake ceremonies (we love cake) or a special night out.  But best of all, we’ll give you a hoodie and are happy for you to dress casually when working in the office. 

A bit more about the role

Trustwave is seeking a Security Advisor (GRC / Cyber) who we can guide and develop to provide a broad range of advisory services, covering security strategy, governance, risk, audit and compliance topics, as well as possessing enough of a technical background to be able to confidently work within high-complexity environments. Naturally, we expect most candidates will be stronger in certain disciplines, and we are happy to look at candidates with varying strengths provided there is versatility across all. If you like risk analysis and vendor security assessment methodologies in the same way most people like donuts or kittens (or both), then we want to hear from you!

Your day-to-day tasks will vary considerably – from leading and delivering client projects, working with clients / prospective clients and identifying their security needs and whether we can assist, and more. Typical delivery tasks might include:

  • Undertaking security threat and risk assessments
  • Developing security strategies and roadmaps
  • Developing and reviewing solution / capability design artefacts
  • Developing and refining policies, standards, principles and strategies, and assessing their effectiveness
  • Assisting in the evaluation of emerging technologies, service providers, tools, platforms and applications that are best suited to the specific needs of a given organisation
  • Delivering security architecture advice (particularly surrounding cloud services)

A bit more about you

You’ll have:

  • Experience with these standards: PSPF & ISM, Essential 8, PCI, NIST-CSF, ISO 27000, and PCI DSS
  • ISO27001 Lead Auditor certification (preferred)
  • Top-notch written and verbal communication skills
  • An analytical mindset (particularly when it comes to technology and business risk)
  • An ability to deliver multiple consulting projects at a high quality, often under pressure, while also developing strong relationships with our customers

Please note, due to client requirements, it is mandatory you hold a security clearance or be willing / eligible to obtain a BASELINE clearance (this includes being an Australian citizen).

But most of all, you must be passionate about sharing your information security knowledge with everyone around you, particularly your clients, your colleagues and the broader infosec industry – you want to make a change for the better.


Generally though, certifications / qualifications are nice to have. What we care about is what you know, and who you are. How you came to know it – whether via formal education, industry training and certification, self study, or the school of hard knocks – will be a good discussion point, but we don't necessarily favor one over the other.

At Trustwave, everyone's experience is valued. We advocate Diversity of Thought, using diversity of experiences and perspectives to innovate and solve real world problems. Our people have studied at different universities, are self-taught, have worked in different companies in Australia, and around the world. Whoever you are, be comfortable, be different, be you, with us. Join Trustwave and together we’ll solve the cybersecurity challenges of today and into the future.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries.

To All Agencies: Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave, and in the event a candidate submitted outside of this policy is hired, no fee or payment of any kind will be paid.