ROLE SUMMARY 

Firmus is looking for an experienced Risk Manager to lead the development and implementation of the Firmus enterprise risk management function within the Risk & Compliance Department.  

The Risk Manager is responsible for developing, implementing, and continuously improving the organisation’s enterprise-wide risk management framework in accordance with ISO 31000 and the governance requirements of an ASX regulated company. This role ensures effective identification, assessment, mitigation, monitoring, and reporting of risks across strategic, operational, financial, cybersecurity, privacy, and regulatory domains. 

Operating within an organisation certified to ISO 27001 (Information Security Management System – ISMS), ISO 27701 (Privacy Information Management System – PIMS), and SOC 2 Type II, the Risk Manager works closely with internal stakeholders to embed risk management systems, strengthen internal controls, and support external certification and assurance activities. 

KEY RESPONSIBILITIES 

• Develop and manage risk and compliance processes.  
• Lead the organisation’s Enterprise Risk Management Framework (ERMF) and delivery of assessments in alignment with recognised standards. 
• Establish and maintain risk management systems, processes, and documentation. 
• Facilitate regular risk identification and workshops across all business units, including review and monitoring of risk appetite statements, risk tolerances, risk maturity models, and key risk indicators (KRIs). 
• Lead risk assessments for strategic projects, technology changes, third-party engagements, operational processes, and enterprise initiatives. 
• Oversee the integration of risk management systems (RMS) and governance tools. 
• Ensure alignment of risk processes with the organisation’s ISO 27001 ISMS, ISO 27701 PIMS, and SOC 2 Type II trust service criteria. 
• Provide oversight to ensure compliance with ASX Listing Rules, the Corporations Act, ASIC RG guidelines, the Privacy Act and APPs, and other applicable standards. 
• Maintain risk and compliance policies, governance structures, and supporting procedures. 
• Manage the Business Continuity Management System (BCMS) and ensure alignment with risk management principles. 
• Develop executive risk reports including heat maps, risk trends, and control maturity insights. 
• Provide risk management training, coaching and advisory support to leaders, project managers, and operational staff on risk management principles and best practices. 
• Comply with Group policies and procedures such as WHS, InfoSec, Privacy and Data Protection.  

SKILLS AND EXPERIENCE 

• Management and hands-on experience in a risk management role, ideally with time spent in an ASX regulated environment. 
• Minimum of 5 years’ experience in risk management. 
• Sound knowledge of the risks associated with technology-based listed / regulated companies. 
• Extensive experience implementing ISO 31000-aligned enterprise risk management frameworks. 
• Experience leading cross-functional risk programs, audits, and assurance reviews. 
• Demonstrated ability to design and execute risk assessments across strategic and operational domains. 
• Strong analytical and problem-solving skills, with the ability to develop and present strategic ideas and concepts in a clear way. 
• Extensive experience in the development and implementation of risk and compliance registers. 
• Experience developing risk insights, training, or supporting materials for diverse audiences. 
• Highly refined written and verbal communication, presentation skills and high level of personal integrity.