Cyber Risk and Compliance Lead
Clayton, VIC, AU, 3168
Monash Health is a great place to work
Monash Health is Victoria’s largest and most comprehensive health service. For more than 170 years, Monash Health and its predecessors have provided safe, high-quality healthcare and service for people at every life stage. With 25,500 employees, we provide care across south-eastern metropolitan Melbourne and rural Victoria from over 40 locations; via telehealth, within local communities and in people’s homes.
To see first-hand what our colleagues think about working here, take a look at the following short videos: monashhealth.org/careers.
About the Role
The Cyber Security Risk and Compliance Lead will play a crucial role within Monash Health's Cybersecurity Team:
- While they are a security generalist within a dynamic team, they will lead the management and resolution of risk, compliance and third-party assessments.
- They will set up and operate risk management frameworks for cyber security risk, including compliance with Victorian and Australian laws and integrating with Monash Health’s Risk Frameworks.
- They will support and conduct control assessments done against those frameworks and requirements, lead reporting on cybersecurity status and drive discussions about cyber risk with key business stakeholders.
- They will support reporting on cyber risk, and be the primary point of contact for third-party risk assessments.
The Cyber Security Risk and Compliance Lead will be pivotal in ensuring that Monash Health is secure, resilient, and prepared for the future of healthcare delivery.
Key result areas:
- Provide high-quality security advice and do so responsively.
- Lead the establishment and operation of the cyber risk management framework, ensuring timely identification, assessment, and treatment of cyber risks, including ensuring the right stakeholders and processes integrate with the process.
- Ensure our policies and standards are appropriate to manage our cyber risks, which includes writing new policies and guidelines and leading the periodic reviews.
- Work with the security team to ensure vulnerabilities and control weaknesses that are identified are recorded and followed up appropriately.
- Work with other risk, compliance, governance and audit teams to provide a single pane of glass into all cyber activities, risk or compliance actions.
- Trace compliance requirements or controls identified as being required to the action required and ensure the risk is being managed appropriately.
- Set, monitor and report on Key Performance Indicators and Key Risk Indicators for Cybersecurity broadly as a part of risk reporting and performance reporting.
- Support the translation of security requirements into language that describes the business impact to enable collaboration with non-technical and non-cyber stakeholders in the hospital environment.
- Respond to audits and questionnaires about our current cyber status to the Victorian Department of Health.
- Share control effectiveness and risk ratings between departments, including with the Emergency Management and Business Continuity, Risk, Legal and Privacy teams.
- Be on call as a scribe and incident communicator and translator if required for serious security incidents.
- Provide coaching, training and material to staff involved in communicating and managing cyber security risk.
- Identify gaps in organisational security capability and draft business cases, designs and requirements to support the delivery of those projects.
- Consult on the implementation of other tools to enhance asset management, disaster recovery, business continuity, compliance and risk management more broadly.
- Support your peers in ensuring vulnerabilities, risks, compliance actions etc. can be captured and prioritised effectively.
- Collaborate closely with the Digital and Information team, Risk Management, Emergency Management, and Business Continuity teams to ensure that processes are effective and risks are managed in technology resilience.
- Foster a proactive cybersecurity culture within Monash Health, promoting awareness and best practices among staff.
- Develop and maintain a friendly and co-operative working environment, fostering strong working relationships with all colleagues to deliver quality outcomes.
- Build and leverage relationships internally across managers throughout Monash Health.
- Provide quality assurance for all operational and project deliverables including clear milestone and deliverable descriptions to ensure projects will implement the control as required to address the risk.
- Participate in ad hoc projects as directed by the Head of Cybersecurity.
- Other duties as assigned from time to time by the Head of Cybersecurity.
About You
Qualifications/registrations/licences (italics indicate desirable):
- Tertiary and/or Industry Qualifications in relevant field
- Industry Certifications relating to service or project delivery methodologies (such as ITIL, AGILE etc.)
- Industry Certifications relating to the management of Cyber Risk (such as CISM, CISA or CISSP)
Technical skills/knowledge/experience:
- Advanced analytical troubleshooting skills.
- Advanced policy writing and architecture skills.
- Good working knowledge of ISO27001, ISO31000 and other Risk Management frameworks.
- Good working knowledge of Microsoft 365 and Microsoft Teams/SharePoint.
- Good working knowledge of Security Assessment frameworks, including NIST, VPSDF, ISO27001, SOC2 and STAR.
- Good working knowledge of security requirements applying to Victorian Hospitals, including Records Retention, VPSDF, Australian Privacy Act, SOCI or other requirements.
- Experience in helping others manage ambiguity with deliverables, perhaps with OKRs, KRI setting or other quantifiable metrics that support cyber goals.
- Skills in providing feedback, listening, and collaborating with stakeholders.
- Excellent interpersonal and relationship building skills, especially with other business stakeholders.
Capabilities:
- Demonstrates respect and collaboration in all interactions.
- Thinks systematically and strategically to identify problems that need to be addressed proactively.
- Presents opinions, ideas and/or facts clearly with enthusiasm.
- Has a growth-oriented mindset, seeking feedback and finding opportunities to move forward.
- Takes pride in managing own time and resources effectively.
- Consistently delivers high quality results.
- Excellent interpersonal and relationship building skills, especially with other technical stakeholders.
- Ability to work within deadlines and work unsupervised.
What we offer:
- Salary packaging
- On-site fitness centre
- On-site subsidised car parking
- Monthly ADOs (available for full-time employees)
- Free lifestyle management seminars (superannuation, retirement, etc.)
- Access to salary packaging, private health insurance and industry banking at competitive rates.
- Flexible/Work From Home arrangements
For a confidential discussion and to explore the opportunity further, please call Tristan Lawrence on 0455 466 644.
Position Description can be found here
We recognise the value of equal employment opportunity. We are committed to patient safety, promoting fairness, equity and diversity in the workplace and to Child Safe Standards. At Monash Health we are relentless in our pursuit of excellence and work to our six guiding principles and our five ICare values.
How to Apply
Applications are accepted via the Monash Health online EHub system. For information including how to apply and probity check requirements, please click here for the ‘Application Guide’.
Applications will be screened upon receipt and selection activity may commence prior to the closing date.
Applications close April 15th, 2025.