GRC - Application Risk Analyst
The Application Risk Analyst role in the Cyber Governance, Risk, and Compliance (GRC) team is key to meeting cybersecurity goals and ensuring regulatory compliance across all units. This is an outstanding opportunity to join a dynamic team and help maintain a secure and resilient IT infrastructure.
This role involves conducting technical application and third-party risk assessments to identify cyber vulnerabilities and operational and regulatory threats. Collaboration with agile Product teams and GIS is essential to implement mitigating technical controls aligned with GIS policies and regulatory standards. The analyst will prepare detailed assessment reports for Business Unit owners, highlighting key risks and policy exceptions through threat modelling. Partnering with GIS and Business Units to develop and implement risk exception plans and strategies is also a key part of the role. Support for the development of automated quantitative and qualitative risk analyses and reporting processes is required. Liaising with internal and external auditors to provide documentation and evidence for compliance with international security standards (SOC 2, ISO 27001, PCI DSS, NIST CSF 2.0) is also a responsibility. The analyst also provides mentorship on changes in product security and regulatory landscapes, updates Aristocrat’s Security Policies, Standards, and Technical Security Requirements as needed, and supports the delivery of the wider GIS Security program in line with Aristocrat’s strategy and important metrics.
- Conduct technical application and third-party risk assessments to identify cyber vulnerabilities and operational and regulatory threats.
- Collaborate with agile Product teams and GIS to implement mitigating technical controls aligned with GIS policies and regulatory standards.
- Prepare detailed assessment reports for Business Unit owners, highlighting key risks and policy exceptions through threat modelling.
- Partner with GIS and Business Units to develop and implement risk exception plans and strategies.
- Support the development of automated quantitative and qualitative risk analyses and reporting processes.
- Liaise with internal and external auditors to provide documentation and evidence for compliance with international security standards (SOC 2, ISO 27001, PCI DSS, NIST CSF 2.0).
- Provide mentorship on changes in product security and regulatory landscapes, updating Aristocrat’s Security Policies, Standards, and Technical Security Requirements as needed.
- Support the delivery of the wider GIS Security program in line with Aristocrat’s strategy and important metrics.
- Self-motivated and adaptable to an ever-changing cybersecurity environment (required).
- Excellent collaboration skills, eager to work as part of a cohesive, distributed team (required).
- Outstanding analytical and critical thinking skills (required).
- Comprehensive communication skills, including effective listening, data gathering, and idea articulation (required).
- 5+ years of experience in information security with a relevant degree (required).
- IT Audit, Internal Audit, and/or cyber advisory experience (nice-to-have).
- Familiarity with cybersecurity industry standards and frameworks such as NIST CSF, NIST 800-53, ISO 27001, and PCI DSS (required).
- Certifications: CISSP, CCSP, CISM, CISA, CompTIA Security+, GIAC (preferred).
- Robust benefits package.
- Global career opportunities.
Aristocrat Leisure Limited is an Australian gaming and technology company and one of the world's largest providers of gambling products. Listed on the Australian Securities Exchange and headquartered in Sydney, it designs and manufactures electronic gaming machines and casino-management systems, and runs sizeable online real-money gaming (Aristocrat Interactive) and mobile games (Pixel United) businesses. Founded in 1953, the group employs more than 7,000 people across over 20 locations worldwide. It is the largest gaming-machine manufacturer in Australia and among the biggest slot-machine makers globally.
