Audit and Compliance Team Lead

MedHealth are a purpose-built collection of industry leading health, medical and employment brands. Our unique and diverse capabilities come together to get the best possible health and employment outcomes for you and the people you support. We support whole populations to better outcomes, yet never lose sight of the individual we are working with to build a better life through work and health.

Based in Melbourne Australia, MedHealth are currently seeking someone with a high level of initiative, an outgoing personality, and a professional can-do attitude to join our team.

The Audit & Compliance Lead is responsible for coordinating and executing cybersecurity compliance activities, internal and external audits, and assurance reporting. This is a technically grounded role focused on control implementation, evidence gathering, and continuous improvement of governance, risk, and compliance (GRC) processes.

Working closely with the Security and Compliance Manager, this role will lead the audit and assurance function, maintain alignment with regulatory and policy requirements (e.g., ISO 27001, NIST), and help embed a security-first culture across the organisation. The role also provides leadership and mentoring to the Audit & Compliance Officers.

• Lead the planning, coordination, and execution of cybersecurity audits (internal, external, regulatory).
• Manage the end-to-end audit lifecycle including evidence collection, gap analysis, remediation planning, and status reporting.
• Prepare audit artefacts aligned to relevant frameworks (e.g., NIST CSF, ISO 27001, DISP, ACSC Essential Eight).
• Coordinate control testing activities and assurance reporting to internal stakeholders and executive governance bodies.
• Co-ordinate and oversee risk function for technology and cyber operations.
• Collaborate with internal IT teams to identify, track, and mitigate technology-related risks.
• Conduct risk assessments and provide recommendations to improve security posture and regulatory compliance.
• Prepare detailed reports and presentations for senior leadership, board members, and external regulatory bodies.
• Lead third-party risk management processes, ensuring vendors meet security and compliance requirements.
• Conduct security assessments for new and existing vendors, ensuring proper due diligence is performed.
• Define, develop, and implement key security and compliance metrics.
• Create and maintain dashboards, scorecards, and risk indicators to provide visibility into the security and compliance landscape.
• Create and continuously build an evolving portfolio of audits, and investigating new opportunities to further strengthen our capabilities and governance

• Minimum 5+ years of experience in IT audit, risk management, or cybersecurity compliance.
• Knowledge of ISO 27001 with experience implementing and maintaining compliance.
• Broader knowledge and practical experience with implementation of NIST, Essential 8, SOC 2, and other security frameworks.
• Strong understanding of IT risks, security controls, and regulatory requirements.
• Experience in managing risk assessment programs and collaborating with multiple stakeholders.
• Demonstrated ability to develop and deliver security reports and compliance dashboards for senior leadership.
• Excellent analytical, communication, and stakeholder management skills.
• Experience working in healthcare sector or working in environments with health records desirable.

We are not accepting applications from outside of Australia or from recruitment agencies.

You are welcome here.

Our fast-growing team of more than 3,500 people around Australia represent a huge array of life experiences, skills and ways of thinking. We value all these differences.

We are an Equal Opportunity Employer, proudly welcoming people with disability including mental health conditions, people from diverse cultural and linguistic backgrounds, people from the LGBTQI community, veterans, carers and Indigenous Australians to our team.

We are happy to adjust our recruitment process to support accessibility needs.