Security Risk and Reporting Analyst
ACT, AU
Medibank
Will you actively create a healthier future for tomorrow?
At Medibank we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community. We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers.
Medibank's bold 2030 Vision to deliver the best health and wellbeing for Australia increasingly relies on succeeding in Digital. Digital platforms and engineering services will be a critical enabler for the future health and insurance experiences we deliver to our customers. The current Digital platforms have strong capabilities, but for us to win in the context of the 2030 Vision, our digital assets will need to be reimagined and further evolved so that they are scalable, increase agility and accelerate solution delivery with an improved security posture.
About the Role
We’re looking for a Security Risk and Reporting Analyst to join our high-performing Security Governance Team. In this role, you’ll play a critical part in managing and monitoring security issues across the enterprise, ensuring data quality, and delivering insightful reporting that drives informed decision-making. This is an initial 6 month contract paying $800 per day including Super. This role is remote across VIC, NSW, QLD and ACT.
Key Responsibilities
- Track and manage security issues in the GRC platform.
- Deliver clear, actionable reports on risks, control effectiveness, and remediation.
- Identify trends and recurring issues to support proactive risk management.
- Ensure accuracy and currency of data in the Security Issues Register and Assurance Tracker.
- Support coordination and analysis of security testing activities such as penetration testing and red teaming.
- Collaborate with internal teams and risk/compliance stakeholders.
- Ensure timely and accurate reporting of enterprise-delivered risks.
- Enhance reporting processes and drive automation.
- Develop and maintain standard reporting procedures.
What You’ll Bring
- 5+ years of experience in cyber security, risk management, or compliance.
- Strong knowledge of regulatory frameworks (e.g., APRA CPS 234, NIST CSF, ISO 27001, PCI DSS, Essential Eight).
- Proficiency in GRC platforms and data visualisation tools (e.g., Power BI, Tableau).
- Excellent communication, analytical, and organisational skills.
- Attention to detail and a proactive, collaborative mindset.
- Relevant certifications (e.g., ISACA, CISSP) are highly desirable.
A career with us
At Medibank, we believe work is something we do, not somewhere we go. Our modes of working – Collaboration, Connection and Concentration – help inform how your day is structured and where you choose to work will vary, depending on your role and requirements.
The wellbeing of our employees is our priority. We encourage you to talk to us about any additional support you may require during the recruitment process, as well as how this role can be flexible for you. We encourage applications from candidates with a disability. If you require any adjustments or alternate formats of key information at any stage of the recruitment process, we welcome hearing from you.
Tags: Automation Business Intelligence CISSP Compliance Governance ISACA ISO 27001 Monitoring NIST PCI DSS Pentesting Red team Risk management
Perks/benefits: Flex hours Insurance