Manager, Data & Technology Compliance and Certification
DOCKLANDS, VIC, AU, 3008
You’re only human.
It’s a strange thing to say, because we humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.
We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.
The Role
This role is responsible for managing compliance obligations, monitoring processes, and certification programs for the Data and Technology Division, including PCI DSS and ISO 27001. It ensures alignment with key regulatory and industry standards, including APRA CPS 220, 230, and 234, ISO 27001 and 27005, the NIST Cybersecurity Framework, FAR, and the ACSC Essential Eight.
The role oversees the Information Security Management System (ISMS) and the Information Security Policy Framework (ISPF), and leads activities such as certification audits, self-attestations, gap analyses, and the implementation of corrective actions. These responsibilities support continuous compliance, enhance Medibank’s security posture, and mitigate regulatory risk across the Data and Technology Division.
The Responsibilities:
- Ensure effective management of regulatory obligations.
- Manage compliance assurance activities, including periodic assessments against regulatory and industry standards.
- Manage ISO 27001, PCI DSS, SOC 2 and other relevant certification audits, coordinating with internal teams and external auditors.
- Conduct gap analyses and develop remediation plans to address compliance shortfalls.
- Manage the management attestation and declaration processes.
- Implement a continuous controls monitoring regime.
- Ensure the ISMS and ISPF policies, procedures, and controls align with applicable regulations and standards.
- Review and update compliance documentation to reflect evolving requirements.
- Identify compliance risks and recommend corrective actions to mitigate them.
- Track and report compliance issues, ensuring timely resolution.
- Assist the Data and Technology Leadership Team in the management of compliance obligations.
- Work closely with IT, Security, Privacy, and Group Risk teams to embed compliance obligations into operational practices.
- Liaise with auditors and certification bodies to facilitate compliance audits and assessments.
- Drive enhancements to compliance frameworks, monitoring tools, and reporting mechanisms.
- Stay abreast of regulatory changes and best practices, advising leadership accordingly.
- Manage the security exemptions process and risk acceptance processes.
- Manage the Compliance and Certification team.
- Be an active member of the ITSRCA leadership team.
- Lead and coach direct reports to ensure high levels of collaborative engagement with key stakeholders within Medibank that produce quality outcomes.
- Support and mentor the team with career development, workload management and operational delivery and continue to build capability through mentoring, training, and development.
- Promote a culture of empowerment, accountability, and inclusiveness.
- Drive Medibank’s people strategies by continuously driving a high performing culture, increasing capability, and actively managing talent.
About You:
- 5+ years in compliance, audit, or certification roles focused on data and technology environments.
- Proven experience managing ISO 27001 and other regulatory certification programs.
- Strong knowledge of APRA CPS 220/230/234, NIST CSF, ISO 27001/27005, FAR, ACSC Essential Eight, and Privacy Act compliance.
- Experience coordinating with external auditors and regulators.
- Familiarity with GRC platforms and compliance tracking tools.
- Any experience in health insurance or critical infrastructure sectors would be beneficial.
- Certification in data privacy or cybersecurity compliance (e.g., CIPP, CISSP).
- Knowledge of risk analytics and reporting tools such as Power BI or Tableau.
Imagine working with us
We understand that work means different things to everyone. We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.
Imagine a workplace where work didn't feel like work. A workplace where you could shape when and where you work to have more impact. Where flexible working isn’t a buzzword, it’s a reality.
Imagine a workplace that helps you and your family thrive. Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/
For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could.
Inclusion and Accessibility
We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander candidates, those with disabilities, and LGBTQIA+ community including transgender and gender diverse applicants.
For any adjustments or alternative formats during the recruitment process, please contact us at careers@medibank.com.au. To learn about our commitments and employee experiences, go to https://careers.medibank.com.au/culture/diversity-inclusion/