Information and Technology Risk

**Join us and let’s make a bigger difference together.**

It’s an exciting time to be joining Australian Unity - we have grown significantly over recent years and are transforming to capitalise on further growth opportunities to help our customers and employees thrive. We operate with commercial principles and with a strong social purpose to create community value. Australian Unity is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Established in 1840, we’re Australia’s first member-owned wellbeing company. Today we have over $1 billion in revenue and provide smart solutions and services to more than 700,000 Australians. We employ over 7000 people and our purpose is to **Help People to Thrive**.

**Your New Role**:
The Information and Technology Risk & Assurance Manager will support the delivery of an information and technology risk management and cyber security controls assurance program across the group. Reporting to the Head of Information Technology Risk and as part of the broader Group Risk and Compliance team (Line 2), this role will provide high quality, proactive and commercial risk and compliance services that support delivery of Australian Unity’s strategy and compliance with regulatory requirements. The role is responsible for providing oversight, independent monitoring, independent controls assurance testing and advice on technology and information risk and compliance and for supporting capability and culture initiatives, due diligence, risk assessment and monitoring of outsourced and cloud service providers.

**Your New Role Looks Like This**:

- Support the development and ongoing improvement of enterprise technology and information risk & compliance management including policies, guidance and training to ensure they meet regulator expectations and continue to be fit for purpose given Australian Unity’s strategy and the external environment.
- Influence Technology Leadership Team to prioritise control remediation activities and support technology stakeholders with in execution of the remediation activities from assurance testing, internal audits. external audits or other relevant assurance testing.
- Assess the effectiveness of key controls related to information technology risk and promote a healthy control environment, reduced timeframes to identify control failures and continuous improvement in design and operating effectiveness.
- Manage a systematic program of key cyber security control assurance testing in accordance to the risk profile of the various information assets across the business and manage day-to-day relationship with external consultants to support delivery of the program.
- Assist with a program to increase business awareness of technology and information risk and compliance management including the linkages between risk appetite, risk assessment, control assessment and incident management.
- Provide controls advisory to business stakeholders on information and security risks. Support business stakeholders in reviewing initial and ongoing due diligence for key IT service provider/vendor relationships, including cloud suppliers.
- Actively review the cyber security and threat landscape, including policy and legislative environment to identify potential changes that could impact the management of technology and information risk and ensure these are incorporated into policy, risk appetite, business decision making and planning.

**About You**:

- Relevant tertiary qualifications with a minimum of 10 years of experience in information security risk, cyber security risk, key controls design and assurance, technology, risk, compliance, or audit related discipline is required.
- Relevant cyber security or controls assurance qualifications (CISA, CISSP, PCI-P, CRISC or CISM).
- A strong working knowledge of the legal and regulatory framework relevant to Australian Unity’s business portfolio including information security, outsourcing and cloud security requirements.
- A strong working knowledge of common security frameworks such as NIST 800-53, NIST CSF and various ISO security suite.
- Exposure in data privacy and governance including ethical usage considerations is desirable
- Demonstrated ability to influence others, drive cultural change and gain support for relevant initiatives.

**Your Benefits**:
You will enjoy a range of great employee benefits and rewards including:

- Competitive Remuneration and Incentive Program
- A range of attractive product and service discounts from Australian Unity’s Retail and Wealth Management portfolio - including health insurance and banking products
- Supported Learning and Career Development program
- Flexible Working Arrangements including Work-From-Home days with a real work-life balance
- Available access to LinkedIn Learning courses through our great Learning platform
- Additional paid Wellbeing and Community Volunteer Days yearly