Security Compliance Lead

**Will you actively create a healthier future for tomorrow?**

At Medibank we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community.

We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers.

**The Opportunity**

At Medibank, we are continuously looking at ways to develop, maintain and support security controls across the organisation which is why we are on the lookout for a technical and analytical Security Compliance Lead who is an inspiring leader, has a curious eye, and is looking to solve complex problems in a challenging environment using state of the art security solutions.

The Security Compliance Lead will be responsible for leading and managing the security compliance function, and aiding audits and assessments against appropriate controls frameworks like NIST CSF, CIS, PCI DSS, CPS234, etc.

**In this role, your responsibilities will include**:

- Setup and manage a Security Compliance function and provide functional and technical leadership and guidance to the team
- Utilising your extensive knowledge of security technologies, information systems, processes, and procedures, you will play an instrumental role in mentoring and coaching the team
- Promote learning and development within the team through assignments and exercises to introduce them to newer ways of working, methodologies, and technologies
- Prepare a Comprehensive Security Compliance Framework and maintain a list of technical controls to validate Medibank environments against on a real-time ongoing basis
- Work closely with internal and external stakeholders to ensure understanding and adherence to compliance requirements and drive risk-based mitigations to align compliance efforts with Medibank’s goals and strategies
- Provide assistance to the Security Consulting team during audit and assessment activities based on the information gathered as part of compliance framework and technical controls validations
- Set up comprehensive reporting by implementing a state-of-the-art tool around risk and compliance monitoring to help visualize compliance and technology risk across the Enterprise

**About you**:

- Experience in setting up and leading the security compliance function, and aiding audits and assessments against appropriate controls frameworks like NIST CSF, CIS, PCI DSS, CPS234, etc.
- Highly technical and analytical, possessing 5+ years in one or more of the following roles, IT operations, Security Consulting, System engineering, or Security Analyst
- 3+ years’ experience in information security or a related field
- Experience in mentoring, coaching, and leading a team to ensure they develop into highly skilled Security Compliance Analysts
- Data and risk-driven analytical approach toward solving complex challenges and driving improvements over time
- Experience with one or more asset management, vulnerability management, or reporting tools like Tenable, runZero, Falcon Discover and Spotlight, Tableau, Quicksight
- Deep understanding of IT risk management principles and practices
- One or more security-related certifications, such as CISSP, CEH, CISA, CISM, SECURITY+, etc. (Desirable)

**A career with us**

At Medibank, we believe work is something we do, not somewhere we go. Our modes of working - Collaboration, Connection and Concentration - help inform how your day is structured and where you choose to work will vary, depending on your role and requirements.

We offer a range of great benefits such as subsidised private health insurance, rewards and discounts, and health and wellbeing initiatives. To find out more, click here.

**To start small and impact bigger.