
Information Security GRC Lead

Job Location

Melbourne - Australia

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

About us:

A wholly owned subsidiary of the Pharmacy Guild of Australia, Guild Group Holdings is an APRA-regulated entity and provides specialist services to support the Australian Allied Healthcare and Community Services sectors to enable improved health and wellbeing outcomes for all Australians. It's how we're there for those our communities rely on.

Our employee experience:

We thrive together at Guild Group. Our people feel truly connected to our purpose and are motivated by it. With our eyes on the future, our people thrive on a challenge and learn from each other. Guild Group team members truly care about each other and our customers, and everyone contributes to make a real difference by supporting the people our communities rely on.

Your new role:

Reporting to the Head of Information Security, the newly created Information Security GRC Lead is responsible for managing and enhancing the organisation's Security Governance, Risk & Compliance (GRC) and Data & Privacy Protection programs. The role ensures compliance with regulatory and internal requirements while safeguarding sensitive data. It also supports Business Continuity, Disaster Recovery and Data Governance initiatives, driving continuous improvement and ensuring organisational resilience.

Core accountabilities:

Security Governance, Risk & Compliance

  • Develop and maintain security frameworks, policies, standards and awareness programs.
  • Identify, assess and manage security risks, including third-party and AI-related risks.
  • Design, test and manage security controls and maintain the Security Controls Library.
  • Prepare and present security reports and support internal and external audits.
  • Monitor regulatory compliance and support business continuity and disaster recovery planning.

Data & Privacy Protection

  • Develop and implement data protection, classification, privacy and retention policies.
  • Conduct Data Protection Impact Assessments (DPIAs) to manage data protection risks.
  • Oversee cryptographic controls and the management of sensitive data inventories.
  • Support the development of data governance frameworks and procedures.
  • Maintain data privacy practices to ensure compliance and protect sensitive information.

The role will also recommend security policy and standards improvements, and review and approve risk mitigation, compliance actions and vendor deliverables for HoIS sign-off.

About you:

  • Degree in Computer Science, Information Systems or a related field.
  • Appropriate certification such as Certified ISO 27001 and ISO 22301 Lead Auditor/Implementor, CISM and CRISC (ISACA), and ITIL certified.
  • Proven experience (circa 10 years) in Information Security GRC roles, IT Governance & Risk Manager or similar role.
  • Experience with ISO 27001, FAIR, NIST CSF, PCI DSS and other security frameworks.
  • Experience working in an APRA-regulated organisation and experience of compliance with CPS 234, CPS 230 and other regulatory standards.
  • Australian Privacy Law, OAIC APPs and ASIC Cyber Resilience Good Practices etc.

What we offer

  • Remuneration package 15 annual short term incentive
  • Hybrid working arrangement (2 days in office, 3 days from home and every second Friday)
  • The opportunity to work as part of a newly formed Information Security function.
  • Paid parental leave for eligible staff and an extra day of paid leave in addition to annual leave entitlements
  • Enhanced long-service leave
  • Staff discounts and offers with leading retailers and an innovative Employee Assistance Programme
  • Wellbeing initiatives, learning opportunities and purpose-led businesses.

If you have any questions please email Jason at Please do not apply via email

Employment Type

Full-Time
