Head of GRC - Strategic Leader for Australian Cyber Risk …, Port Phillip City

Description
About Triskele Labs

Triskele Labs is one of Australia's leading sovereign cyber security firms. We deliver Managed Detection and Response (MDR), Digital Forensics and Incident Response (DFIR), Offensive Security, and Governance, Risk and Compliance (GRC) services to regulated enterprises, government, and the higher education sector. Built over more than a decade, founder-led and independently owned, we partner with clients operating under some of Australia's most demanding regulatory regimes: APRA, AUSTRAC, ASIC, SOCI, PCI-DSS, IRAP and PSPF.

Our GRC practice is a well-established part of that offering, delivering strategic advisory, framework implementation, audit, risk assessment, and assurance engagements to clients across financial services, government, critical infrastructure, healthcare and education. As we enter our next phase of growth, we are investing further in the leadership of this practice.

The opportunity

We are seeking a Head of Governance, Risk & Compliance to lead and grow our GRC practice. This is a senior leadership role for a strategic, commercially-minded consulting leader who has built and scaled advisory teams within a Big 4, mid-tier, or specialist cyber firm, and who is energised by the prospect of leading a high-calibre practice inside a sovereign Australian business.

You will set the strategic direction of the practice, develop our people, deepen our client relationships, and ensure our GRC offering continues to evolve in step with the regulatory and threat landscape facing Australian organisations. This is a leadership role focused on strategy, client outcomes, and team development. It is not a personal billable delivery role.

What you'll do

Practice leadership and strategy

Own the GRC strategy, defining the future shape of the practice, our service portfolio, and our positioning in the Australian market. Set the operating rhythm, establishing the standards, playbooks, and ways of working that enable the team to deliver consistent, high-quality outcomes at scale. Partner with the Executive Leadership team to align GRC into the broader Triskele growth strategy. Represent the practice externally as a visible voice for Triskele in the Australian GRC and cyber risk community.

Client and advisory leadership

Build trusted advisor relationships with senior leaders at our key clients, including CISOs, CIOs, CFOs, audit committee chairs, and boards. Shape cohesive programs of work that bring together the right combination of GRC services and broader Triskele capability. Provide executive-level advisory at client audit, risk and security committee meetings. Lead complex pursuits across regulated industries, government and higher education. Continue to grow the discrete engagement portfolio: strategic advisory, framework implementation, audits, assessments and assurance.

Team leadership and capability

Lead, develop and grow the GRC team. Set clear expectations, coach senior consultants, and build the next generation of practice leaders. Shape the operating model, including team structure, role profiles, and career pathways as we scale. Build playbooks, methodologies and IP so the practice operates consistently and scales without dependency on any individual. Set the tone for client presence, commercial instinct, and consulting excellence across the team.

Cross-business integration

Partner with our MDR, DFIR, Offensive Security and Platform Engineering teams to ensure clients benefit from the full breadth of our capability. Bring practical threat context into advisory work, grounding recommendations in real-world threat and detection insight rather than framework theory alone. Support enterprise and government pursuits alongside the CRO and sales leadership where senior advisory representation strengthens our position.

Commercial performance

Drive the commercial performance of the practice. Accountable for growth, profitability and client retention across the GRC portfolio. Evolve the service mix to reflect the changing regulatory environment and emerging client needs. Contribute to Triskele's broader commercial trajectory and strategic plan.

About you

Essential experience

12+ years in cyber, technology or risk advisory, with significant time at Big 4, mid-tier, or specialist cyber firms. Prior practice leadership, capability leadership, or partner-track experience strongly preferred.

Direct experience working within or alongside a managed services or MSSP business, with a clear view of how managed delivery and advisory fit together.

Extensive advisory experience across multiple Australian regulated environments. You have led or materially contributed to engagements covering several of: APRA-regulated entities (CPS 234, CPS 230, CPG 234); ASIC-regulated and listed entities (cyber risk disclosure, RG 271, director duties); AUSTRAC-reporting entities (cyber controls aligned to AML/CTF obligations); SOCI Act and critical infrastructure (risk management programs, incident reporting); PCI-DSS environments (merchants, service providers, payment processors); Commonwealth and State government (PSPF, ISM, IRAP context, Essential Eight uplift); higher education, healthcare and not-for-profit.

Substantive experience with ISO/IEC 27001 and 27002, NIST CSF, NIST 800-53, the ACSC Essential Eight, and the Australian Privacy Principles.

Owned or contributed to the P&L of a consulting practice, portfolio or business unit.

Built, led and developed advisory or consulting teams. Demonstrated track record of attracting and retaining senior talent.

Capabilities we value

Strategic and systems thinker who can design an operating model and translate strategy into execution.

Technically credible. Engages substantively on modern security architecture (Microsoft, identity, detection, cloud, data protection) and holds a credible conversation with engineering audiences.

Frameworks-literate but outcomes-led. Uses standards as scaffolding for client outcomes, not as the end product.

Strong executive presence with CISOs, executive committees, audit and risk committees, and boards.

Genuine leader of people who develops others and holds a high bar.

Collaborative operator who builds cohesive outcomes rather than protecting turf.

Highly regarded

Established relationships across the Australian CISO, CIO, and audit committee community.

Credentials such as CISSP, CISM, CRISC, CGEIT, ISO 27001 Lead Auditor/Implementer, or PCI-QSA.

Contribution to industry bodies, working groups, or regulatory consultations.

What this role is not

It is not a billable delivery role. The Head of GRC is not measured on personal utilisation.

It is not an internal compliance officer or internal-audit role. This is a client-facing, externally-focused leadership role.

It is not a framework-implementer role. We hire and develop excellent practitioners to do that work. We are hiring the leader who builds the team that delivers it.

It is not a sales role, but it is commercially accountable. The successful candidate will materially influence the growth of the practice.

What we offer

A genuine leadership seat in one of Australia's most established sovereign cyber security firms.

The autonomy to shape a practice, develop a team, and build something enduring.

A high-trust executive team that backs its leaders and moves quickly.

Competitive remuneration including base, performance incentive and perks, commensurate with senior consulting and practice leadership experience.

Flexible working arrangements, with a preference for Melbourne-based candidates.

Working at Triskele Labs

Triskele Labs is a sovereign Australian business, founder-led and independently owned. We are direct, we value honest and rigorous thinking, and we expect our leaders to set the tone for our people. We back our team, we hold a high bar, and we are building something genuinely differentiated in the Australian market. If this opportunity resonates, we would welcome a confidential conversation. Triskele Labs. Sovereign Australian Cyber Security.

Apply on Kit Job: kitjobau.com/job/3ro18q
More info about this ad

Head of GRC - Strategic Leader for Australian Cyber Risk … has been posted in the Port Melbourne Information Technology category on Locanto.
