GRC Analyst

About LEAP

LEAP is the leading provider of Legal Practice Management Solutions in the world and is part of ATI – one of the largest international LegalTech companies. For more than 30 years, our curiosity and commitment to continual improvement has kept us reimagining productivity tools for lawyers and their staff to support our guiding purpose, to ‘Help lawyers who help people’. The market-leading software we develop, and support is used by more than 71,000 lawyers and their staff in small and medium-sized law firms.

Working alongside our international team of passionate high achievers, you’ll join a fast-growing technology business where things seldom stay the same for long. With more than 1000 smart, caring and ambitious ‘LEAPsters’ working together across Australia, Canada, the United States, the United Kingdom, the Republic of Ireland, Poland and New Zealand, you’ll find yourself in good company here.

What you'll do

We are looking for a GRC Analyst to support our Governance, Risk and Compliance function.  

This role is ideal for an early‑career professional with a strong interest in information security, privacy, and regulatory compliance, particularly within technology and legal services. 

You will work closely with senior security, privacy, legal, and engineering stakeholders to help maintain and improve our compliance posture, risk management activities, and internal controls aligned to Australian and international standards. 

Working alongside the broader security team and reporting directly to our GRC Manager, you’ll collaborate with stakeholders across LEAP to ensure alignment on priorities and outcomes. 

To make this happen, you will:

• Keep the annual SOC 2 and ISO 27001 audits on track 

• Develop supporting documentation for Business Continuity, Disaster Recovery and Security controls. 

• Tracking and reporting on compliance, risk and cyber KPIs 

• Maintaining risk registers and following up on remediation activity. 

• Support Vendor and Third Party risk management, including security assessments. 

• Respond to client security and compliance questionnaires 

What you'll bring

• ISO 27001 Internal or Lead Auditor or Implementer.
• Bachelor’s degree in IT or a related field, or relevant certifications such as CISA, CRISC will be highly regarded.

• Good GRC or technology risk background – SOC 2, NIST CSF, and ideally ISO 27001 are familiar territory. 

• It would be a bonus if you’ve worked within a tech, SaaS or B2B Software company. 

• Proficiency with GRC tooling such as OneTrust, Drata and Vanta experience is a real bonus. 

• Strong Microsoft office suite skills (Excel, PowerPoint, Word) 

• Ability to approach complex problems with creativity and critical thinking. 

• Excellent time management skills with the ability to prioritise tasks and manage multiple competing priorities. 

• Strong relationship skills, connecting easily with others, flexing your style to establish effective relationships across all levels of the company. 

You are the type of person who

LEAP is an inclusive, people-first company committed to breaking down institutional barriers that keep people from reaching their potential. If you meet some, but not all the requirements above, we encourage you to still submit your application.

Why join LEAP?

• Your work matters. Helping lawyers help people sits at the heart of everything we do. We solve real world problems that improve and support local, everyday law firms. So they can do their best work for the people in the communities they serve.
• Make an impact. You won’t be another ‘cog in the wheel’ here. We give full trust and autonomy for you to be heard, to work on big & complex projects – and to make a real difference.
• Work with a group of authentic, passionate people who love what they do.
• Flexible and hybrid working. We'd like to find this person in Sydney, but we want you to work in a way that suits you and we're open to flexible arrangements that support you.
• Grow your career with us. Our founder Christian Beck has been building legal tech businesses for over 30 years. There are opportunities galore to expand your career based on where your interests lie. We're not afraid to pivot based on market conditions - you will always have the opportunity to stay ahead of the curve and do your best work here.
• Have fun with us. Celebrations. Socials. Sports teams. Access to sailing and yacht events.
• We value your well-being - enjoy an additional paid wellbeing day every year, free gym membership, corporate dental plan and weekly massages in the office.
• Work in a new, beautiful office space – with a catered lunch and breakfast every week, fully stocked kitchen and an on-site barista.
• Access to LEAP Home - a program unique to LEAP to support you in buying your primary residence. 

1. ISO 27001:2022 - Internal Auditor or Implementer or Lead Auditor

2. Solid understanding of information security principles, risk management concepts, and control frameworks

3.Demonstrated experience supporting ISO 27001 and/or SOC 2 audit processes, including evidence collection, audit coordination, and remediation tracking.

4. Maintain and manage risk registers, including tracking risk treatment actions and reporting on status

5. Good capability in developing and maintaining GRC documentation, including policies, procedures, business continuity (BCP), disaster recovery (DR), and security controls.

6. Experience supporting third-party/vendor risk management, including conducting security assessments and reviews.

7. Ability to respond to client security questionnaires and support customer assurance activities

8. Strong stakeholder engagement and communication skills, with the ability to work cross-functionally with security, legal, Cyber, IT and engineering teams