Governance, Risk, and Compliance Manager, External Risk & Privacy

Location: Adelaide, Melbourne, or Sydney, Australia - Remote Who Are We? About Airlock Digital Airlock Digital is a global leader in application control and allowlisting. We seek to empower every organization to run only what they trust and operate free from malware and ransomware.  With rapid growth across Australia, North America, and EMEA. We are committed to our core values, respect, determination, and integrity. We support a diverse and expanding global customer base. At Airlock, we pride ourselves on being a team of humble, collaborative, and driven professionals who support one another and share a passion for cybersecurity. What We Are Looking For The Senior GRC Manager - External Risk & Privacy is responsible for leading Airlock Digital’s external and operational risk activities. This role manages customer and third-party security questionnaires, oversees vendor risk processes, contributes to contract reviews from a security perspective, and supports privacy-related activities across the business. The role works closely with internal business, legal, procurement, technology and customer-facing teams to help manage external trust requirements and reduce operational risk exposure. Key Responsibilities

• Manage and respond to customer and third-party security questionnaires in collaboration with relevant internal stakeholders.
• Own and improve Airlock Digital’s vendor risk management activities, including due diligence, security assessments and ongoing monitoring.
• Evaluate and manage relationships with third-party vendors and contractors from a risk, security and compliance perspective.
• Conduct risk-based assessments of external service providers and support remediation or treatment activities where required.
• Contribute to contract reviews by providing security input on customer, partner and supplier agreements.
• Identify, assess and help manage external and operational security risks impacting the business.
• Support privacy-related activities, including coordination of privacy requirements, data handling obligations, and related internal processes.
• Work with stakeholders across the business to ensure appropriate controls and mitigation measures are implemented.
• Maintain records, templates, responses and reporting relating to questionnaires, vendor assessments, contract security reviews and privacy-related activities.
• Prepare reporting and insights for leadership on external risk, third-party assurance and related matters.
• Support broader governance, risk and compliance activities where required, including risk assessments, reporting and stakeholder coordination.
• Organise and attend relevant internal and external meetings with customers, vendors and other stakeholders.
• Contribute to the ongoing maturity and operational effectiveness of Airlock Digital’s GRC function.

Required Skills & Qualifications

• 5+ years experience in governance, risk, compliance, privacy, vendor risk, third-party risk or related roles, ideally within a software vendor, technology business, consultancy or regulated environment.
• Experience responding to customer or third-party security questionnaires and supporting customer assurance processes.
• Experience assessing and managing third-party or vendor risk.
• Experience contributing to contract, procurement or commercial reviews from a security or compliance perspective.
• Familiarity with privacy obligations and practical privacy risk management in a business environment.
• Strong written and verbal communication skills, with the ability to engage effectively with internal and external stakeholders.
• Strong analytical skills, attention to detail and sound judgement.
• Ability to work independently and collaboratively, while managing multiple competing priorities.
• Pragmatic, business-aware approach to risk management and stakeholder engagement.
• Experience working in an Australian business environment is strongly preferred.

Bonus Points

• ISO27001 Lead Auditor, ISO27001 Lead Implementer, IRAP Assessor, CISSP, CISM, CISA or others that relate to the GRC discipline.

What We Offer We don’t think money is everything, but we know it is an important part of your decision to apply for a role. Additional factors considered in extending an offer include responsibilities of the job, education, location, experience, knowledge, skills, abilities, and internal equity, alignment with market data, or applicable laws.  Flexible Work Environment, Hybrid or Remote – Time Off - Paid Volunteering Time - Birthday Leave - Paid parental Leaves - Home Office Allowance Our Commitment We believe in supporting our team members both personally and professionally. Named one of the Australia’s Greatest Places to Work and 5th best technology company for 2025, we value flexibility, trust, and a work environment that empowers our team to do their best work. We will be assessing applications as they come in, so we encourage you to send your resume through to us as soon as possible. All official job offers from our company are extended directly by our recruitment team and will be sent through an official BambooHR document for your review and signature. Please be aware that we do not ask for any personal information in the process of extending offers of employment, such as financial details. Upon acceptance of any offer, we will request such information as part of the onboarding process prior to or on your first day of employment, and only after completing a National Police Check through an authorized third-party vendor. If you receive any communication asking for personal details outside of these processes, please contact us immediately to verify the authenticity of the request. Your security is important to us, and we are committed to a safe and transparent hiring experience. No contact from recruitment agencies, thank you.