Security Product Owner

Will you actively create a healthier future for tomorrow?

At Medibank and ahm we’re encouraged to think big. We have a clear purpose to impact better health outcomes for our customers, patients and our community.

We celebrate diversity of thought because we want to make better decisions for our customers. As we work towards our goal of better health for better lives, we value the knowledge and contribution of Aboriginal and Torres Strait Islanders. We are working hard to create an inclusive workplace and develop Indigenous careers.

The Opportunity

Reporting to the Head of IT Operations, the Security Product Owner is responsible for owning and driving the security core service initiatives and architecture for Medibank’s information security domain, which will incorporate multiple key technology solutions and platforms spanning multiple teams. This is a 12 month Contingent contract role where you will be accountable for driving the delievery and implementation of information security strategies, architectures and roadmap to support Medibank’s business objectives, risk management strategies, and contribute to the ongoing strengthening of Medibank’s security maturity and posture.

The role will collaborate closely with the Chief Information Security Office, Information Security and Operations teams, Program/Delivery Leaders and other Architects to provide expert guidance and support in the design and implementation of secure and robust solutions that ensure the confidentiality, integrity, and availability of sensitive data and mitigate potential risks. Working as a Security Product Owner is a ‘hands on’ role requiring the delivery of impactful and outcome-focused security planning and architecture services for Medibank. 

About you

Medibank is embarking upon an enterprise-wide security journey. This unique opportunity will enable the right candidate to have a lasting positive impact on Australia's largest health organisation

You will have extensive experience in technical architecture and deisgn along with the delivery of enterprise security architecture engagements and capability uplift (e.g. architecture processes, practices, standards, patterns/frameworks, governance).  Your prior experience in defining and delivering sound, contemporary and pragmatic approaches for information security, inclusive of strategic direction, current state assessments, target blueprints and roadmaps will be critical.

Demonstrated track record of successfully delivering enterprise security architecture outcomes in collaboration with platform and technology teams will be required along with your ability to engage, influence, and negotiate program / initiative alignment to the strategic direction for information security.

You will have experience in security solution architecture designs to successful solution delivery and operations, across waterfall and agile delivery methodologies.

Proven experience and knowledge of solutions and technologies relevant to enabling enterprise information security capabilities will be required such as:

• Governance (such as Risk & Compliance Management, and Audit)
• Prevention (such as IAM/RBAC, Asset Management, Data Security & Privacy, Firewall/Network/Endpoint Security, Malicious Code Protection, Application Security, Vulnerability Mgmt, Cloud Security, Encryption)
• Detection (such as Intrusion detection/prevention, SIEM)
• Incident Response & Recovery (such as Discovery, Forensics, Backup & Recovery)

Demonstrated experience in applying the NIST Cybersecurity Framework and other relevant security frameworks and standards (e.g. ISO27001, PCI-DSS, CPS234) to assess maturity, plan improvements and drive capability uplift will also be required.

A career with us

We believe work is something we do, not somewhere we go. Our modes of working – Collaboration, Connection and Concentration – help inform how your day is structured and where you choose to work will vary, depending on your role and requirements.

The wellbeing of our employees is our priority. We encourage you to talk to us about any adjustments or additional support you may require during the recruitment process, as well as how this role can be flexible for you. Virtual interviews are always on offer and will not adversely impact your application.

To start small and impact bigger.