Security Policy & ISMS Specialist

Job Requisition Number:  13076
Date:  9 Jul 2025
Location: NSW, AU; VIC, AU

Will you actively create a healthier future for tomorrow? 

  

At Medibank we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community. 


We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers. 

 

Medibank's bold 2030 Vision to deliver the best health and wellbeing for Australia increasingly relies on succeeding in Digital. Digital platforms and engineering services will be a critical enabler for the future health and insurance experiences we deliver to our customers. The current Digital platforms have strong capabilities, but for us to win in the context of the 2030 vision, our digital assets will need to be reimagined and further evolved so that they are scalable, increase agility and accelerate solution delivery with an improved security posture.

 

We're seeking a passionate and experienced Security Policy and ISMS Specialist to lead the governance and continuous improvement of our enterprise security framework. This is a key role in ensuring our compliance with industry standards and regulatory requirements, while fostering a strong security culture across the organisation. This is an initial 6-month contract.

 

What You’ll Be Doing

  • Policy & Standards Governance: Develop and maintain enterprise-wide security policies, standards, and guidelines aligned with frameworks like ISO 27001, NIST CSF, PCI DSS, and APRA CPS 234.
  • ISMS Management: Oversee the lifecycle of Medibank’s ISMS documentation and support ISO 27001 certification activities including audits, reviews, and committee coordination.
  • Compliance & Risk: Monitor adherence to internal policies and external obligations, support risk assessments, and manage security exceptions and audit responses.
  • Awareness & Training: Drive security awareness initiatives and provide guidance on policy implementation across the organisation.
  • Stakeholder Engagement: Collaborate with teams across Security, Risk, Legal, Procurement, and more to ensure alignment and continuous improvement.

 

Experience

  • Proven experience in information security governance, policy development, and ISMS management.
  • Strong understanding of ISO/IEC 27001, with experience supporting certification processes.
  • Familiarity with regulatory frameworks such as APRA CPS 234, PCI DSS, and NIST CSF.
  • Excellent communication and stakeholder management skills.
  • Relevant certifications such as ISO 27001 Lead Auditor, CISSP, CISM, or CISA are highly desirable.

 

A career with us 


At Medibank, we believe work is something we do, not somewhere we go. Our modes of working – Collaboration, Connection and Concentration – help inform how your day is structured, and where you choose to work will vary depending on your role and requirements.


The wellbeing of our employees is our priority. We encourage you to talk to us about any additional support you may require during the recruitment process, as well as how this role can be flexible for you. We encourage applications from candidates with a disability; if you require any adjustments or alternate formats of key information at any stage of the recruitment process, we welcome hearing from you.


Job Segment: Compliance, Information Security, Law, Procurement, Legal, Technology, Operations, Security