Medibank

Business Information Security Manager – BISM

full-time

Location Type: Office

Location: Docklands • 🇦🇺 Australia

Job Level

Senior, Lead

About the role

  • Advocate for the alignment of business and security strategies.
  • Ensure that security policies and controls align with and support business objectives and goals.
  • Work closely with the business to ensure security risk mitigation is embedded into business decision-making and processes.
  • Facilitate effective communication between the Information Security Hub and business units, ensuring security requirements are clearly understood and met.
  • Act as the primary point of contact between the business and security teams, translating complex security concepts into consumable language.
  • Reduce security friction by educating business leadership on security threats, vulnerabilities, and the importance of security best practices.
  • Identify and own the resolution of engagement blockers.
  • Oversee, coordinate and be accountable for BU security programs and projects, working collaboratively with the delivery manager and security architects (and any other necessary resources).
  • Facilitate collaboration between cross-functional teams to deliver security outcomes, ensuring alignment with business requirements.
  • Act as the central liaison for security issues and requirements, ensuring the business understands its security obligations and that these are delivered.
  • Represent the Information Security Hub at appropriate governance forums, providing business-specific reporting on risks and security issues.
  • Identify and assess security risks specific to business operations and contextualise potential impacts and likelihood for the business team.
  • Develop commensurate risk mitigation strategies to address emerging threats and vulnerabilities, enabling the business to respond with agility to the threat landscape and regulatory environment.
  • Prepare BU-specific risk profiles and reporting and represent the Security Hub at appropriate governance forums.
  • Foster a culture of continuous improvement in security practices.
  • Implement proactive measures to address emerging threats and vulnerabilities effectively.
  • Act as a liaison between business stakeholders, external partners, the Information Security team and the broader D&T team.
  • Build strong relationships to ensure that security solutions align with business needs and goals.

Requirements

  • Ideally 8+ years of experience in a similar or related role, such as head of information security, senior security consultant or security architect.
  • Relevant security certifications, e.g. CISSP, CISM, CRISC, SABSA.
  • Demonstrated experience in conveying and communicating complex technical security concepts in business taxonomy and presenting data-driven narratives.
  • People leadership skills and experience in leading virtual teams in hybrid matrix organisations.
  • Extensive experience in a broad range of system and security technologies.
  • Excellent analytical, design thinking and mature problem-solving skills.
  • Ability to work through ambiguity, context switch and manage competing priorities.
  • Strong engagement skills.
  • Excellent written and verbal communication skills.
  • Understanding of relevant regulations and standards in the healthcare and insurance sectors (e.g., APRA CPS 234, Privacy Act, PCI DSS, NIST, ISO 27001, etc.) to ensure adherence to compliance requirements.
  • Experience in security in a healthcare, insurance or large corporate environment.
  • A post-graduate qualification in security or information security would be beneficial but not essential.

Benefits

  • Health insurance
  • Flexible working hours
  • Professional development opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
security risk mitigation, risk assessment, security policies, security best practices, data-driven narratives, analytical skills, design thinking, problem-solving, system and security technologies, emerging threats
Soft skills
communication skills, people leadership, engagement skills, collaboration, relationship building, ability to work through ambiguity, context switching, managing competing priorities, continuous improvement, translating complex concepts
Certifications
CISSP, CISM, CRISC, SABSA