Business Information Security Manager (BISM)

Job Requisition Number:  13562
Date:  2 Jan 2026
Location: DOCKLANDS, VIC, AU, 3008

You’re only human.   

It’s a strange thing to say, because us humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.   

 

We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.  

 

The Role

Medibank has an opportunity for a senior security leader to play a pivotal role in acting as the intersection between Medibank's various business groups and the Information Security team. This role is crucial in ensuring that both business objectives and security requirements are seamlessly aligned.

 

Reporting to the Squad Lead for Business Security Solutions, you will also join the Information Security Risk and Compliance extended leadership team, representing relevant business units and contributing to strategic decision making and leadership discussions.

 

The BISM acts as a trusted partner and liaison between the Information Security team and our business group and is pivotal in bridging the gap between these groups. You will bring a strategic mindset and serve as the single point of escalation for security-related issues within your portfolio.

 

Your responsibilities will focus on two key areas:

  • Representing the Information Security Hub’s requirements to the business.
  • Ensuring business needs are met and exceeded by the Security Hub.

 

The primary responsibility of the BISM is to protect Medibank’s information systems and data from security breaches, threats, and unauthorised access. Success in this role requires exceptional communication skills, as you will engage with technical teams, business stakeholders, external partners, and peers to articulate security strategies, manage incidents, and provide clear updates on progress. You bring a solution-oriented, value-driven mindset and the ability to balance risk with business objectives. In addition, you will lead or influence virtual teams to scope, deliver, and oversee information security initiatives that align with the needs of your business area.

 

The Responsibilities:

  • Advocate for the alignment of business and security strategies.
  • Ensure that security policies and controls align with and support business objectives and goals.
  • Work closely with the business to ensure security risk mitigation is embedded into business decision-making and processes.
  • Facilitate effective communication between the Information Security Hub and business units, ensuring security requirements are clearly understood and met.
  • Act as the primary point of contact between the business and security teams, translating complex security concepts into consumable language.
  • Reduce security friction by educating business leadership on security threats, vulnerabilities, and the importance of security best practices.
  • Identify and own the resolution of engagement blockers.
  • Oversee, coordinate and be accountable for BU Security programs and projects, working collaboratively with the delivery manager and security architects (and any other necessary resources).
  • Facilitate collaboration between cross functional teams to deliver security outcomes, ensuring alignment with business requirements.
  • Act as the central liaison for security issues and requirements, ensuring the business understands its security obligations and that these are delivered.
  • Represent the Information Security Hub at appropriate governance forums, providing business-specific reporting on risks and security issues.
  • Identify and assess security risks specific to business operations and contextualise potential impacts and likelihood for the business team.
  • Develop commensurate risk mitigation strategies to address emerging threats and vulnerabilities enabling the business in its agility to respond to the threat landscape and regulatory environment. Prepare BU specific risk profiles and reporting and represent the Security Hub at appropriate governance forums.
  • Foster a culture of continuous improvement in security practices.
  • Implement proactive measures to address emerging threats and vulnerabilities effectively.
  • Act as a liaison between business stakeholders, external partners, the Information Security team and the broader D&T team.
  • Build strong relationships to ensure that security solutions align with business needs and goals.

 

About You:

  • Ideally 8+ years of experience in a similar or related role, such as head of information security, senior security consultant or security architect.
  • Relevant security certifications, e.g. CISSP, CISM, CRISC, SABSA.
  • Demonstrated experience in conveying and communicating complex technical security concepts in business taxonomy and presenting data-driven narratives.
  • People leadership skills and experience in leading virtual teams in hybrid matrix organisations.
  • Extensive experience in a broad range of system and security technologies.
  • Excellent analytical, design thinking and mature problem-solving skills.
  • Ability to work through ambiguity, context switch and manage competing priorities.
  • Strong engagement skills.
  • Excellent communication skills, written and verbal.
  • Understanding of relevant regulations and standards in the healthcare and insurance sectors (e.g., APRA CPS 234, Privacy Act, PCI DSS, NIST, ISO27001, etc.) to ensure adherence to compliance requirements.
  • Experience in security in a healthcare, insurance or large corporate environment.
  • A post-graduate qualification in security or information security would be beneficial but not essential.

 

Imagine working with us 

We understand that work means different things to everyone...  We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.    

 

Imagine a workplace where work didn't feel like work. A workplace where you could shape when and where you work to have more impact. Where flexible working isn’t a buzzword, it’s a reality.  

 

Imagine a workplace that helps you and your family thrive.  Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/

 

For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could. 

 

Inclusion and Accessibility  

We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander candidates, those with disabilities, and LGBTQIA+ community including transgender and gender diverse applicants. 

 

For any adjustments or alternative formats during the recruitment process, please contact us at careers@medibank.com.au. To learn about our commitments and employee experiences, go to https://careers.medibank.com.au/culture/diversity-inclusion/

 


Job Segment: Information Security, Information Technology, IT Manager, Compliance, Information Systems, Technology, Legal