Introduction Our purpose is to make skills, education and employment accessible to every person, so they can create their own world of unbounded possibilities. About The BUSY Group… The BUSY Group is a leading not-for-profit organisation with 47 years experience as a community partner. With multiple business entities operating across 100 locations Australia-wide and now in New Zealand, the United Kingdom and Canada, we offer an extensive range of employment services and programs, vocational training, apprenticeships, mentoring,, specialist schools and allied health services. Description Are you passionate about strengthening information security, privacy governance and organisational assurance? The BUSY Group is seeking a skilled Information Security GRC Specialist to play a pivotal role in protecting our data and information security systems. This is an exciting opportunity to join a purpose‑driven organisation and help uplift our information security and privacy maturity across multiple frameworks, including ISO/IEC 27001:2022, ASD ISM, PSPF and Right Fit for Risk (RFFR). Why You’ll Love This Role You’ll be the engine behind our information security and privacy assurance program — planning and delivering internal audits, coordinating external audits such as ISO 27001, driving corrective actions, and supporting privacy-by-design across the business. If you enjoy, problem‑solving, continuous improvement and working with people across all levels of an organisation, this role offers variety, impact and growth. You’ll report to the Group Quality & Compliance Manager and work closely with our IT and Information Security, Corporate Services and program teams across the business. What You’ll Be Doing Deliver internal audits aligned to ISO 27001 and related security frameworks. Coordinate external audits and assurance activities, such as our annual ISO:27001/RFFR, ensuring stakeholders and evidence are well‑prepared. Track audit findings, drive corrective actions, and support continuous improvement across information security and privacy. Monitor compliance posture, maintain dashboards, and provide regular reporting to senior leaders. Manage audit records, evidence and corrective actions within the organisation’s GRC platform. Act as a key contact for privacy matters, supporting PIAs, privacy‑by‑design practices and incident analysis. Build awareness through training and education on information security and privacy requirements. We offer 4 additional paid annual leave days – 1 My BUSY Day and 3 days at Christmas Clear pathways for internal advancement Dedicated training budget for personal and professional growth BUSY Benefits program - Employee Assistance Program, paid parental Leave, retail discounts and access to Fitness Passport Remote or hybrid option available Enjoyable, interesting work that genuinely impacts lives across Australia and the globe! Skills And Experiences About you ISO/IEC 27001:2022 Lead Auditor certification (preferred/strongly desirable), or equivalent information security audit qualification. Knowledge of auditing principles consistent with ISO 19011 guidelines (or equivalent audit methodology training). 3 years commercial/external auditing experience (desirable) and 5 years broader IT/technology experience (desirable), or equivalent demonstrated capability. Blue Card National Police Check Open drivers’ licence Ability to obtain a clearance from Australian Government Security Vetting Agency (AGSVA) Next steps This role will actively commence recruitment from the date of advertisement. The closing date of this ad is dependent on the appointment of the role. The BUSY Group is an organisation that prioritises the safeguarding of children and all vulnerable people by actively adopting strategies that embed a culture of zero tolerance for abuse of any kind. The appointment of successful applicants will be subject to satisfactory employment screening including criminal history and relevant working with children checks. The BUSY Group is committed to achieving a diverse workforce and strongly encourages applications from First Nations People, veterans, people from culturally diverse backgrounds and people with disabilities.