Avant is Australia's leading medical defence organisation with a proud heritage of protecting Australian medical professionals for over 130 years. Avant now represents 85,000 health practitioners and medical students across every state and territory, delivering market leading products and services to meet their professional, personal and practice needs. Building on this heritage, our vision is to be the most trusted professional partner in supporting doctors throughout their lives and careers. As a mutual organisation, owned by members and run purely for their benefit, our members are at the centre of all we do. As well as providing products and services to our member, we play a broader community role by advocating for improvements in the healthcare system and in quality, safety and professionalism in medicine, through delivering education and research activities. About the role:Working directly with the CISO, our approved security uplift program will offer you varied and interesting work as part of an innovative, collaborative and growing team. The Senior Information Security GRC (Governance, Risk, and Compliance) Officer plays a crucial role in developing, implementing, and managing the information security governance framework. This role supports compliance with regulatory requirements, mitigates risks, and aligns security practices with industry standards, enabling a secure and resilient insurance business.Key responsibilities: Governance Support development, implementation and operationalisation of the information security governance framework, policies, and procedures in line with regulatory standards, including APRA CPS 234, NIST, Essential 8, and ISO 27001.Support alignment of information security objectives with broader business goals and strategies.Support development of security metrics, KPIs and regular reporting to senior leadership and board committees.Conduct risk assessments to identify, evaluate, and prioritise information security risks, providing recommendations for mitigating measures.Monitor the risk landscape, including emerging threats, vulnerabilities, and technological changes.Collaborate with various business units to embed a risk-aware culture and drive a proactive information security approach.Collaborate with 3 lines of defence to manage information security risks, issues, actions, and incidents Compliance Support compliance with relevant regulations, including APRA CPS 234, CPS 230, Australian Privacy Principles, and other regulations and standards where applicable.Lead the audit process for information security and track findings and remediations to closure including evidence collection, documentation and reporting.Maintain documentation and evidence to demonstrate adherence to security standards and regulatory requirements.Support incident reporting processes to document, risk assess and report incidents to internal and external stakeholders.Contribute to post-incident reviews and recommend improvements to reduce future risk exposure. Training and Awareness Support information security awareness training programs for employees to promote best practices.Support regular updates to staff on the evolving information security landscape and regulatory changes.To be successful you will have:Bachelor's degree in Information Security, Cybersecurity, IT, Risk Management, or a related field.Certifications: CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Lead Auditor preferred.3-5 years of experience in cybersecurity governance, risk management, or compliance roles, preferably in the insurance or financial services industry.Strong knowledge of APRA CPS 234 (essential), ISO 27001/27035, NIST, Essential 8, and other relevant cybersecurity frameworks.Proven experience managing regulatory audits and risk assessments.Regulatory Knowledge: Deep understanding of Australian financial regulations, including APRA requirements.Risk Management: Experience in identifying and managing security risks across multiple business functions.Technical Understanding: Familiarity with IT infrastructure, cloud services, and cybersecurity technologies.Communication: Strong ability to articulate complex cybersecurity topics to non-technical audiences and senior management.Problem-Solving: Ability to proactively identify issues, propose solutions, and drive change.Leadership: Demonstrated ability to work with cross-functional teams and influence organizational change. Why work at Avant? At Avant, our people are the centre of everything we do for our members. We offer a range of benefits and opportunities to enable you to make a difference, learn, and grow in your career. We value our people by offering an inclusive workplace with a diverse range of benefits, flexible working options, career development, and internal mobility opportunities. Our flexible working arrangements are designed to enable genuine work-life balance. Your development is our priority and we have a variety of learning and development programs that will support you in your career. We offer support to our people via Employee Assistance Program (EAP), Health and Wellbeing programs, Tertiary Education Sponsorship and Support. We have a diverse and connected work environment where your contribution and ideas will be valued and respected and make a real difference to the lives of others. Please note: Avant Mutual is a vaccinated employer. Prior to the commencement of your employment by Avant, you are required to be fully vaccinated against the Covid-19 virus or have a medical certificate stating that you cannot receive a Covid-19 vaccination for valid medical reasons.
#J-18808-Ljbffr