Security Grc Consultant

**Will you actively create a healthier future for tomorrow?**

At Medibank we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community.

We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers.

**About the role**

We’re looking for a remarkable human to join our Security Consulting team, as Security GRC Consultant.

In this role, you will be responsible for aiding the Information Security department. This position will provide pragmatical advice and guidance on the implementation of IT Security policies, procedures, and controls. This will include communicating Medibank's requirements for security as well as the identification of associated risks and opportunities.

The Security GRC Consultant will also be responsible for developing effective, working relationships with Security leadership and technology stakeholders in order to improve technical security solutions and controls across our environment.

Your day-day will vary with opportunities to support internal and external audits, execute third party risk assessments, get involved with initiatives to uplift processes, standards, and requirements, and develop and establish training to provide stakeholders with the necessary cyber security skills and knowledge.

The team work flexibly with innovative ways of working practices and are provided with exciting career and learning opportunities, as we focus on creating a more fulfilled, healthier, and joyful place to work.

**Where you can add value**
- Support and evaluation of implemented IT Security policies, standards, and procedures across the organisation.
- Maintain IT Security Risk Registers to continuously track and drive mitigation and resolution efforts.
- Identify Medibank’s IT Security requirements against key regulatory and industry best practice standards.
- Increase security posture and awareness within the organisation by supporting the delivery of the Security Awareness Training Program, workshops, and other engagements.
- Conduct periodic testing and evaluation of the effectiveness of Security policies, procedures, and controls.
- Develop relationships with key stakeholders throughout Data & Technology and the broader business.

**So, who are we looking for?**

The remarkable human we’re looking to appoint will have proven experience as an information Security Consultant or GRC Consultant and have excellent verbal and written communication skills.

You will have a detailed understanding of business drivers impacting IT systems and security along with the ability to propose, develop, implement, and deliver Information Security Management Frameworks (ISMF) to align with NIST, APRA Prudential Standards, PCI-DSS and other regulatory requirements.

You will have implemented and maintained security standards, guidelines, procedures, and controls, have experience with risk management frameworks and undertaking security risk assessments and reviews.

Experience in the private health industry is advantageous.

**A career with us**

At Medibank, we believe work is something we do, not somewhere we go. Our modes of working - Collaboration, Connection and Concentration - help inform how your day is structured and where you choose to work will vary, depending on your role and requirements.

We offer a range of great benefits such as subsidised private health insurance, rewards and discounts, and health and wellbeing initiatives. To find out more, click here.

**To start small and impact bigger.