Security GRC Consultant

2 days ago


Docklands, Australia Medibank Full time

**Will you actively create a healthier future for tomorrow?**

At Medibank and ahm we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community.

We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers.

**Enterprise Digital**

We are building an expert team to deliver best in class solutions for our customers. Our mission is to “_Create delightful experiences that help our customers achieve better health_”.

**The Opportunity**

Reporting to the Head of Security Consulting, the Third Party Security Consultant is responsible for defining and maintaining the compliance of third-party assurance standards and providing assistance to the Information Security department.

**How will you add value?**

This position will work with a diverse range of stakeholders to ensure Medibank is compliant with relevant industry obligations (e.g., APRA, PCI-DSS, CPS234) and to provide pragmatic advice and guidance on the implementation of IT Security Policies, Procedures, and controls. This will include actively reporting on cyber security third party risks and issues to relevant parties.

**Further requirements will include**:

- Support and evaluation of implemented IT Security Policies, Standards and Procedures across the organisation;
- Ensure implemented Third Party Security Governance is in line with business expectations and overall enterprise risk appetite;
- Maintain the end-to-end process for third party security risk assessments, from triage through to reporting;
- Review and assess third parties for security risk posture and provide guidance to third parties to support alignment to security expectations and industry leading standards;
- Maintain IT Security Risk Registers to continuously track and drive mitigation and resolution efforts;
- Define third party risk metrics and collate insights for reporting through to senior executives and the Board;
- Identify and understand global industry and market influences - medical, insurance, security, threat landscapes, threat intelligence, geopolitical, innovative security technologies.

**What are we looking for?**

You will have prior experience working within or leading the Third Party Risk space, be able to work independently across multiple third parties and business units at one time, and be comfortable with ambiguity. You will have a strong understanding of business drivers impacting IT systems and security and an in-depth understanding of risk management. As the third party lead you will have strong stakeholder management and leadership skills and be comfortable collaborating and driving team members and stakeholders to achieve security risk management objectives.

Hands-on experience with Assessment Frameworks (ISAF) to align IT with ISO, PCI-DSS, APRA, NIST, ASD and other regulatory requirements is important, along with a general understanding of other IT Security controls including SIEM, endpoint software, FWs, IPS, WAF, UBA, Malware or GRC products.

**A career with us**

We believe work is something we do, not somewhere we go. Our modes of working - Collaboration, Connection and Concentration - help inform how your day is structured and where you choose to work will vary, depending on your role and requirements.

All employees who may attend a worksite or any face-to-face work-related activity will be required to be fully vaccinated for COVID-19 as a condition of employment.

We offer a range of great benefits such as subsidised private health insurance, rewards and discounts, and health and wellbeing initiatives. To find out more, click here.

**To start small and impact bigger.**