Cyber Governance, Risk and Compliance Lead
Clayton, VIC, AU, 3168
Monash Health exists to reimagine care, so that people can live their best lives.
We provide safe and equitable care, for every stage of life, delivered with world-leading expertise and over 175 years of experience.
As a leading academic health service, we're committed to providing tomorrow's care today by integrating research, teaching and training into everyday practice.
Our team of 24,000 people are full hearted, open minded and all in. Together, we provide more than 250 integrated services for every stage of life at over 50 locations and in the community across south-east Melbourne, Victoria, serving 1.2 million residents in the South Metro Local Health Service Network.
Are you currently part of the team at Monash Health? Use your network login to access the Monash Health Careers portal and discover all the job opportunities open to you, to support growing your career within the organisation.
To see first-hand what our colleagues think about working here, take a look at the short videos at monashhealth.org/careers.
Help shape the future of healthcare at Monash Health and embark on a rewarding career where your dedication makes a difference in people’s lives.
About the Department / Program
The Monash Health Cybersecurity team helps enable safe, resilient and trusted care by protecting the digital systems, information and technologies that support clinical care and business operations. As Monash Health continues to expand its digital capability, connectivity and innovation, the Cybersecurity team plays a critical role in reducing cyber risk, strengthening organisational resilience, and supporting the safe and reliable delivery of services across the organisation.
The Cybersecurity team is responsible for protecting Monash Health’s digital environment, including clinical systems, medical devices, enterprise applications, patient information, workforce technologies and supporting infrastructure. The team works in partnership with stakeholders across the Digital and Information Division and the broader organisation to identify, assess and manage cyber risk, support secure service delivery, and improve cyber maturity and technology resilience.
This includes close collaboration with teams responsible for infrastructure, networks, cloud and platform services, digital health, enterprise applications, architecture, identity and access management, service delivery, project delivery and operational support. The team also works closely with Risk Management, Emergency Management, Business Continuity, Legal, Privacy, Internal Audit, procurement and vendor management, as well as clinical, operational and corporate leaders across Monash Health.
In addition, the team maintains key relationships with the Victorian Department of Health cyber functions, sector partners, external service providers, and relevant assurance and regulatory bodies. The team also supports Monash Health’s obligations under relevant cyber, privacy and critical infrastructure requirements, including the Security of Critical Infrastructure (SOCI) framework, by helping ensure cyber risks, control obligations and resilience requirements are identified, assessed and managed appropriately.
About the Role
Join our team as a Cyber Governance, Risk and Compliance Lead on a full-time basis at Monash Health, based at Clayton. Reporting to the Head of Cybersecurity, the Cyber Governance, Risk and Compliance Lead is responsible for leading cyber governance, risk and compliance activities across Monash Health.
Key Result Areas:
- Lead the establishment, maintenance and continuous improvement of Monash Health’s cyber risk management framework, aligned with the Enterprise Risk Framework.
- Provide timely, high-quality cyber governance, risk and compliance advice to stakeholders across Monash Health.
- Contribute to the development and continuous improvement of Monash Health’s cyber strategy, roadmap, governance and risk management capability, including the identification of capability gaps and improvement initiatives.
- Lead the identification, assessment, treatment and reporting of cyber risks, including appropriate governance, escalation and stakeholder engagement.
- Develop, maintain and periodically review cybersecurity policies, standards, guidelines and related governance artefacts.
- Lead or support cyber compliance and assurance activities against relevant internal, Victorian Government, Commonwealth and sector requirements, including the Security of Critical Infrastructure (SOCI) framework where applicable.
- Lead or coordinate cyber control assessments, compliance reviews and assurance activities to evaluate control effectiveness and support risk-based decision-making.
About You
To be successful in this healthcare role, you will bring the following demonstrated skills, experience, and attributes:
- Demonstrated experience in cyber governance, risk and compliance within a large, complex or regulated environment, preferably in healthcare, government or critical infrastructure.
- Strong knowledge of cyber risk management, control assurance, compliance and third-party risk management, including the operation of governance frameworks, risk registers, control monitoring and assurance activities.
- Strong working knowledge of contemporary cyber security frameworks and standards, including ISO 27001, ISO 31000, NIST Cybersecurity Framework, the Australian Government Information Security Manual (ISM) and the Essential Eight.
- Sound knowledge of legislative, regulatory and policy obligations relevant to Victorian public health services, including the Privacy and Data Protection Act 2014 (Vic), Health Records Act 2001 (Vic), and the Security of Critical Infrastructure (SOCI) framework.
- Demonstrated ability to think strategically and systematically, identify emerging issues, manage competing priorities and support risk-based decision-making in a complex service delivery environment.
Qualifications, registrations and licences:
- Tertiary qualification in cybersecurity, information technology, risk, governance, audit, law, business or a related discipline, and/or equivalent relevant experience.
- Relevant industry certification in cybersecurity, risk, audit or governance (for example CISM, CISA, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor or equivalent) would be highly regarded.
- Qualifications or certifications in governance, assurance, audit, privacy, business continuity, resilience or related disciplines would be advantageous.
Why you will love working with us
Ours is a connected team with strong shared values and an unwavering commitment to excellence. We are a highly skilled, collaborative, and welcoming team where the only limit in your career is you. Upon your appointment, we will provide you with:
- A supportive and cohesive sub-team, working within a larger consumer relations team.
- Professional development courses, seminars and mentoring.
- Opportunities for you to use your experience in the role to inform and drive initiatives within the broader units and programs.
- Salary packaging.
- Onsite Gym options and ability to join Fitness Passport - your pass to an extensive choice of fitness facilities.
For a confidential discussion and to explore this opportunity further, please reach out to Anthony Neale, Head of Cybersecurity, on 0439 693 892.
Position Description can be found here
Our Culture and Values
At Monash Health, our people are at the heart of everything we do. Our culture is inclusive, supportive and future-focused, underpinned by clear values and a commitment to continuous improvement.
Our teams play a critical role in bringing our new strategy to life, challenging traditional approaches, embracing innovation, and ensuring every appointment reflects our commitment to equity, transparency and excellence.
You’ll be encouraged to share ideas, contribute to improvement initiatives, and grow alongside experienced professionals who are passionate about what they do.
We are Full Hearted, Open Minded and All In, enabling excellent service delivery and a positive candidate and employee experience every time.
We recognise the value of equal employment opportunity. We are committed to patient safety, promoting fairness, equity and diversity in the workplace and to Child Safe Standards.
How to Apply
Applications are accepted via the Monash Health online EHub system. For information including how to apply and probity check requirements, please click here for the ‘Application Guide’
Applications will be screened upon receipt and selection activity may commence prior to the closing date.
Applications close: 29 July 2026