About WorkCover Queensland 

At WorkCover Queensland our vision is to be the best worker’s compensation insurer, to make a positive difference to people’s lives and to keep Queenslanders working. Our flexible work environment allows you to be your best every day and contribute to the big picture.  

Our organisation is made up of individuals who collaborate and seek to engage others, working together as One Team. We embrace diversity and value people who bring personal energy and authenticity to everything they do. If you’re someone with a strong values-oriented compass and you want to achieve sustainable outcomes, you will find a great community at WorkCover.  

About the Opportunity – Senior Cyber GRC Analyst  

WorkCover is entering a new chapter, with a renewed strategic focus and strong executive leadership guiding our organisation’s 2030 Strategy. As we move into delivery, this role plays a critical part in enabling enterprise-wide transformation that delivers meaningful outcomes for our people, customers and the broader community. As Senior Cyber Security Governance, Risk and Compliance (GRC) Analyst, you will be a key contributor to the ongoing development and delivery of WorkCover’s cyber GRC function, ensuring cyber security remains embedded, proactive and risk-informed across the enterprise. Reporting to the Cyber Security Governance and Compliance Manager, you’ll lead critical cyber governance activities that enable risk-informed decision making, operational resilience, and compliance with industry standards. 

You’ll collaborate closely with cyber, IT, and business stakeholders to lead the development and execution of security risk assessments, control assurance, third-party due diligence and awareness programs. You’ll be a trusted advisor on cyber risk to senior stakeholders and help ensure WorkCover remains resilient in an evolving threat landscape. This is a role for a seasoned cyber security professional who brings a risk mindset, technical expertise, and the ability to turn frameworks and standards into practical, value-driven outcomes. Your focus will be ensuring the effective implementation of our Information Security Management System (ISMS), uplifting cyber resilience, and enabling secure transformation delivery. 

You’ll also contribute to: 

• Lead cyber security control assessments and assurance activities across our Information Security Management System (ISMS) 

• Drive risk-informed decision making by delivering end-to-end cyber risk assessments, particularly for third parties and key initiatives 

• Facilitate cyber risk forums and provide expert insights to senior leadership on risks, controls and mitigation strategies 

• Provide expert guidance and influence across cyber policy development, control design, and audit response 

• Coordinate cyber team planning and delivery, ensuring clear priorities, accountability, and alignment with enterprise transformation initiatives 

• Contribute to uplift of WorkCover’s GRC capability through process optimisation, assurance design and risk analytics 

A bit about you: 

You’re an experienced cyber governance and risk expert with at least 7+ years in cyber security, risk, or compliance roles within regulated, complex environments. You know how to translate risk frameworks into operational controls and are comfortable influencing decisions at all levels of the organisation. 

You bring: 

• Proven experience leading cyber GRC initiatives in large organisations 

• Deep knowledge of security standards and frameworks like ISO27001, NIST CSF, and the Essential 8 

• Strong communication and influencing skills, with the ability to engage both technical and non-technical stakeholders 

• Experience with third-party cyber risk, awareness programs, and security policy development 

• A collaborative mindset and the ability to lead and uplift others in a high-performing cyber team 

• Certifications such as ISO27001 Lead Auditor/Implementor, CRISC, CISA, or CISSP are highly regarded 

You’re curious, delivery-driven, and motivated by continuous improvement. You thrive on simplifying complexity, solving problems with agility, and building a strong culture of cyber security awareness and accountability.