Security Assurance Lead
DOCKLANDS, VIC, AU, 3008
Applications have closed
Medibank
Will you actively create a healthier future for tomorrow?
At Medibank we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community.
We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers.
At Medibank our purpose is Better Health for Better Lives. These simple words sit at the heart of everything we do. Our employees are the ambassadors of our purpose and we have strong values to help guide the behaviours and shape of our culture.
The Role
The Security Assurance Lead is a key member of the IT Governance team. The role is responsible for leading information security assurance activities across the enterprise to ensure that existing and new ICT systems, services and products meet the security compliance requirements. As the Security Assurance Lead you will be responsible for monitoring and testing the effectiveness of implemented security controls and determining deviations from acceptable configurations, policy, or standards, and providing expertise in risk treatment management and compliance requirements for internal and external reviews of requirements. You will play an instrumental role in driving security accountabilities and responsibilities across the enterprise, promote robust risk management practices and provide timely management and board reporting in respect of core security assurance activities.
The Responsibilities:
- Active member of the Security Governance Team helping to mature and evolve security assurance across the enterprise.
- Provide visible leadership and guidance across broader IT Security teams, both within Security and Data and Technology.
- Contribute to the Security Governance strategy and associated corporate plans through the development and maintenance of a security assurance plan.
- Maintain and grow role-specific regulatory, technology, industry trends and domain knowledge.
- Provide insightful and comprehensive reporting with respect to security risks, control effectiveness, remediation activities and continuous assurance to support informed decision making in line with risk appetite and drive investment where needed.
- Work with key stakeholders in embedding security assurance activities into their ways of working to ensure control effectiveness and compliance against our policies and standards is maintained.
- Work collaboratively with Risk and Compliance and Internal Audit to ensure the strategies, initiatives and activities are aligned.
- Develop relationships with key stakeholders throughout Data and Technology and the broader business.
- Lead the monitoring and testing of the effectiveness of implemented security controls to maintain compliance with internal and external security policies and standards.
- Lead the coordination, monitoring and evaluation including tracking, collating, and analysing data on security assurance activities including vulnerability management, penetration testing and red teaming.
- Work closely with Data and Technology teams to ensure that systems are properly protected, and security baselines are applied correctly.
- Gather cyber security metrics and provide regular reporting while improving the internal processes to promote consistent evaluations, automation, and reporting of metrics.
About You
- Experience in a similar role and knowledge across cyber security, assurance, risk management and compliance.
- Strong knowledge of security threats and trends as well as best practices for mitigating security risks.
- Extensive knowledge and understanding of regulatory requirements and industry standards related to security (APRA CPS 234, NIST CSF, ISO 27001, PCI DSS and Essential Eight).
- Excellent communication and collaboration skills, with the ability to liaise effectively with technical and non-technical stakeholders.
- Excellent written, presentation and verbal skills.
- Relevant certifications (e.g., ISACA, CISSP, etc.) and experience with GRC platforms and tools would be highly desirable.
A career with us
At Medibank, we believe work is something we do, not somewhere we go. Our modes of working – Collaboration, Connection and Concentration – help inform how your day is structured and where you choose to work will vary, depending on your role and requirements.
The wellbeing of our employees is our priority. We encourage you to talk to us about any additional support you may require during the recruitment process, as well as how this role can be flexible for you. We encourage applications from candidates with a disability. If you require any adjustments or alternate formats of key information at any stage of the recruitment process, we welcome hearing from you via careers@medibank.com.au or (03) 8622 5666.
We offer a range of great benefits such as subsidised private health insurance, rewards and discounts, and health and wellbeing initiatives.
To start small and impact bigger.