Information Security GRC Lead
Victoria, Melbourne (CBD)
Guild Group
Our people are at the heart of everything we do. We work hard to create an atmosphere for our people to thrive, grow and bring their best selves to work, allowing us to focus on innovation and great solutions so customers and members can get...
About us:
A wholly owned subsidiary of the Pharmacy Guild of Australia, Guild Group Holdings is an APRA regulated entity and provides specialist services to support the Australian Allied Healthcare and Community Services sectors, to enable improved health and wellbeing outcomes for all Australians. It’s how we’re ‘there for those our communities rely on’.
Our employee experience:
We thrive together at Guild Group. Our people feel truly connected to our purpose and are motivated by it. With our eyes on the future, our people thrive on a challenge and learn from each other. Guild Group team members truly care about each other and our customers, and everyone contributes to make a real difference by supporting the people our communities rely on.
Your new role:
Reporting to the Head of Information Security, the newly created Information Security GRC Lead is responsible for managing and enhancing the organisation’s Security Governance, Risk & Compliance (GRC) and Data & Privacy Protection programs. The role ensures compliance with regulatory and internal requirements while safeguarding sensitive data. It also supports Business Continuity, Disaster Recovery, and Data Governance initiatives, driving continuous improvement and ensuring organisational resilience.
Core accountabilities:
Security Governance, Risk & Compliance
- Develop and maintain security frameworks, policies, standards, and awareness programs.
- Identify, assess, and manage security risks, including third-party and AI-related risks.
- Design, test, and manage security controls and maintain the Security Controls Library.
- Prepare and present security reports and support internal and external audits.
- Monitor regulatory compliance and support business continuity and disaster recovery planning.
Data & Privacy Protection
- Develop and implement data protection, classification, privacy, and retention policies.
- Conduct Data Protection Impact Assessments (DPIAs) to manage data protection risks.
- Oversee cryptographic controls and the management of sensitive data inventories.
- Support the development of data governance frameworks and procedures.
- Maintain data privacy practices to ensure compliance and protect sensitive information.
The role will also recommend improvements to security policies and standards, and review and approve risk mitigation actions, compliance actions, and vendor deliverables for sign-off by the Head of Information Security (HoIS).
About you:
- Degree in computer science, Information Systems, or related field
- Relevant certifications, such as ISO 27001 and ISO 22301 Lead Auditor/Lead Implementer, CISM and CRISC (ISACA), and ITIL.
- Proven experience (circa 10 years) in Information Security GRC, IT Governance & Risk Manager, or similar roles.
- Experience with ISO 27001, FAIR, NIST CSF, PCI DSS and other security frameworks.
- Experience working in an APRA-regulated organisation, including compliance with CPS 234, CPS 230 and other regulatory standards.
- Working knowledge of Australian privacy law, the OAIC Australian Privacy Principles (APPs), ASIC Cyber Resilience Good Practices and related guidance.
What we offer:
- Remuneration package + 15% annual short-term incentive
- Hybrid working arrangement (2 days in office, 3 days from home and every second Friday)
- The opportunity to work as part of a newly formed Information Security function.
- Paid parental leave for eligible staff and an extra day of paid leave in addition to annual leave entitlements
- Enhanced long-service leave
- Staff discounts and offers with leading retailers and an innovative Employee Assistance Programme
- Wellbeing initiatives, learning opportunities and purpose-led businesses.
If you have any questions, please email Jason at recruitment@guildgroup.com.au. Please do not apply via email