Information Security Governance Risk & Compliance Analyst

About Fresh Clinics

At Fresh Clinics, we’re not just supporting healthcare professionals—we’re revolutionising the medical aesthetics industry. Our industry leading "clinic in a box" model equips nurse-entrepreneurs and business owners to build, scale, and thrive with confidence.

Backed by world-class technology, unrivalled medical compliance support, and a thriving community of healthcare professionals, we’re empowering clinics to deliver exceptional care whilst achieving their business dreams.

As one of Australia’s fastest-growing tech companies and a proud top-ten finalist in Deloitte’s Tech Fast 50 three years in a row, we’re scaling fast, making waves, and redefining a global industry.

At Fresh, our culture is as bold as our mission. We “work smart, hustle hard, stay humble, and lead with kindness.” If you’re looking for a workplace that celebrates innovation, drives real-world impact, and champions your growth—welcome home.

About the role

We’re looking for a proactive and detail-oriented Information Security Governance, Risk & Compliance Analyst to help scale our information security program at a critical point in our growth.

You’ll work closely with our Head of Information Security to drive key security and compliance initiatives — including achieving SOC 2 and HIPAA compliance- and help shape how Fresh approaches privacy, trust, and risk across the business.

This is a role with real scope and ownership. You’ll lead on implementing controls, running assessments, delivering training, and embedding security into everyday processes across the company.

A week in the life

• Implement and track compliance controls using Vanta to support audit readiness (SOC 2 + HIPAA)
• Manage vendor security assessments and ensure we’re working with partners who meet our standards
• Coordinate company-wide security awareness and privacy training, including phishing simulations
• Support our vulnerability management program and remediation efforts with internal tech teams
• Partner cross-functionally to assist with privacy impact assessments and support changes, and updates to the risk register
• Help build and maintain a strong security foundation that grows with us

We'd love you to have

• 5+ years’ experience in IT, cybersecurity, or risk-related roles
• Strong technical foundations — you’ve worked with systems, users, and security tooling
• A proactive mindset with a passion for solving complex problems
• Familiarity with frameworks like SOC 2, HIPAA, and ISO27001
• Experience with compliance platforms like Vanta (or similar)
• Confidence working cross-functionally and managing competing priorities
• A genuine interest in helping scale a modern, practical approach to security

Bonus if you have any of the following certifications (but not required):

• CompTIA Security+
• Certificate in Cybersecurity (ISC2)
• CGRC (Governance, Risk and Compliance – ISC2)
• CISA, CISM, or CRISC (ISACA)

Why you'll love working here

🧭 Clear ownership and the chance to make real progress, fast

🤝 Mentorship and collaboration from experienced leaders

🧘 Quarterly wellness days + EAP access

🚗 EV Novated Leasing

👐 Two paid volunteer days each year

🏡 Remote-first work culture with the choice to work from our Surry Hills office if you're Sydney based

🎉 Team connection, with a blend of virtual and in-person events

Ready to Apply?

Apply now and help shape the future of people operations at Fresh Clinics!

Fresh Clinics are an equal opportunity employer and encourage people from all walks of life to be part of our team.

Please note, this person will need to be based in Australia with full, permanent working rights.