Vulnerability Management Lead
DOCKLANDS, VIC, AU, 3008
Medibank
You’re only human.
It’s a strange thing to say, because us humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.
We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.
The Role
This is a leadership opportunity with enterprise-wide accountability for Medibank’s management of security vulnerabilities. Leading a team of vulnerability management specialists, you will be a key member of the CISO team and responsible for delivering scalable, secure, and compliant vulnerability management services that support Medibank’s strategic goals.
As the steward of vulnerability management across our environment, you will play a critical role in securing systems that host sensitive health data, enhancing security through seamless and secure identification, response and management of vulnerabilities, in line with regulatory obligations such as APRA CPS 234, ISO 27001, and the Australian Privacy Principles (APPs).
You will oversee the full vulnerability management lifecycle—including scanning, patching and testing—ensuring controls are risk-aligned, auditable, and continuously improved. You will also lead the response to vulnerability-related incidents, applying your technical expertise to manage operational risks and drive a proactive vulnerability management security posture.
The Responsibilities:
- Develop and implement a vulnerability management strategy aligned with the organisation's goals and objectives. This includes defining policies, standards, and procedures for managing patch deployment and pre-production vulnerability scanning.
- Ensure compliance with regulatory requirements and industry best practices related to vulnerability management.
- Establish controls and processes to monitor and mitigate vulnerability-related risks.
- Oversee the selection, implementation, and maintenance of vulnerability management systems, tools, and technologies.
- Strong understanding of cybersecurity principles, vulnerability assessment tools (e.g., Nessus, Tenable, Qualys), and IT infrastructure to effectively assess and mitigate vulnerabilities.
- Collaborate with various stakeholders, such as IT teams, business units, and external partners, to understand and support their vulnerability management requirements and patching calendar.
- Provide guidance and support to ensure secure and efficient access to resources.
- Respond to security incidents related to vulnerabilities, coordinating with relevant teams to contain and mitigate threats promptly.
- Provide training sessions and raise awareness among staff regarding best practices for vulnerability management and cybersecurity hygiene.
- Drive outcomes from engineers and analysts to ensure the business aligns with vulnerability management standards and processes.
- Engage with external vendors for vulnerability assessments, tools, and solutions, ensuring they meet the organization's requirements and standards.
- Drive a culture of continuous improvement by evaluating existing processes, tools, and methodologies to enhance the effectiveness of vulnerability management practices.
About You
- 7+ years of experience in a similar or related role, demonstrating deep expertise in various Vulnerability Management technologies such as Tenable, Qualys, Nessus, etc.
- Demonstrated experience in leading Vulnerability Management teams, covering the full lifecycle—scan results, identify trends, and develop strategies to address systemic issues within the organization's IT environment.
- Strong stakeholder management skills, with the ability to communicate complex and risk-driven Vulnerability Management concepts effectively and present data-driven narratives.
- Extensive experience in operational IT security focused on vulnerability management.
- High analytical and mature problem-solving skills.
- Excellent communication skills, written and verbal.
- Understanding of relevant regulations and standards in the healthcare and insurance sectors (e.g., APRA CPS 234, Privacy Act) to ensure adherence to compliance requirements.
Strongly Desirable:
- Experience in the finance, health insurance or healthcare industry, specifically related to vulnerability management practices.
Imagine working with us
We understand that work means different things to everyone... We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.
Imagine a workplace where work didn't feel like work. A workplace where you could shape when and where you work to have more impact. Where flexible working isn’t a buzzword, it’s a reality.
Imagine a workplace that helps you and your family thrive. Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/
For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could.
Inclusion and Accessibility
We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander candidates, those with disabilities, and the LGBTQIA+ community, including transgender and gender diverse applicants.
For any adjustments or alternative formats during the recruitment process, please contact us at careers@medibank.com.au. To learn about our commitments and employee experiences, go to https://careers.medibank.com.au/culture/diversity-inclusion/