Senior GRC Specialist

JobsCloseBy Editorial Insights

Medibank is seeking a Senior GRC Specialist to lead design, implementation and improvement of risk and control frameworks for D&T, combining day-to-day risk advisory with GRC administration onsite in Docklands. You’ll align with APRA CPS 220/230/234 ISO 27001/27005 and NIST, and partner with D&T, Group Risk & Compliance, Internal Audit, Legal and Privacy to embed a risk culture and deliver audit ready governance reporting, dashboards and KRIs. Key requirements: 5+ years in risk governance or management within tech or data, hands-on risk frameworks and GRC tooling; desirable degrees and certifications. Tips for application: tailor your CV to show measurable risk improvements, provide dashboard examples, highlight cross-functional collaboration and audit readiness, and share any accessibility needs.

You’re only human.   

It’s a strange thing to say, because us humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.   

We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.  

About the role:

We are looking for a Senior GRC Specialist to support implementation, maintenance and continuous improvement of operational risk and control frameworks across D&T. This role combines day-to-day risk management advisory (Line 1.5) with governance design, GRC system administration and regulatory alignment (APRA CPS 220/230/234, ISO 27001/27005, FAR, NIST Cybersecurity Framework). You will work closely with D&T teams, Group Risk & Compliance (Line 2), Internal Audit (Line 3), Legal, Privacy and other stakeholders to embed a strong risk culture and deliver timely, audit ready governance reporting. 

Key responsibilities:

• Maintain and improve D&T risk and control frameworks: update taxonomies, controls libraries and governance protocols. 
• Operate and administer the GRC system: maintain risks, controls, obligations, actions and KRI registers; ensure data integrity and accurate linkages. 
• Conduct risk assessments for business and technology activities; evaluate control effectiveness and recommend treatments. 
• Monitor KRIs and action tracking; flag trends and breaches and escalate appropriately. 
• Prepare risk dashboards, heatmaps and materials for governance forums, Board/Executive reporting and the CIO/D&T leadership. 
• Support obligation management and the annual risk profiling process. 
• Contribute to governance forums and cross functional risk initiatives; collaborate with Group Risk, Security, Technology and Business teams. 
• Ensure compliance with relevant regulatory and industry frameworks; support internal and external audits and attestation processes. 
• Promote continuous improvement of GRC practices and risk governance across D&T. 

What we’re looking for: 

• 5+ years’ experience in risk governance or risk management roles within technology, security or data domains. 
• Hands on experience with operational risk frameworks, risk assessments and control monitoring. 
• Practical experience with GRC tools (risk registers, controls, actions, issues). 
• Familiarity with APRA CPS 220/230/234, ISO 27001/27005, FAR, NIST Cybersecurity Framework or similar. 
• Proven ability preparing risk reporting and materials for management and governance forums; experience maintaining KRIs. 
• Strong analytical, communication and stakeholder engagement skills; detail oriented and audit ready documentation focus. 

Desirable: 

• Degree in Risk Management, Business, IT or related field. 
• Governance/risk certifications (CRISC, CISA, CGEIT, COBIT, ISO 31000). 
• Experience in regulated industries such as health insurance or critical infrastructure. 

Imagine working with us 

We understand that work means different things to everyone...  We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.    

Imagine a workplace that helps you and your family thrive.  Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/

For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could. 

Inclusion and Accessibility  

We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander peoples, neurodivergent candidates, LGBTQIA+ community including transgender and gender diverse candidates and candidates with a disability.

If you need adjustments or alternative formats at any stage of the recruitment or employment journey, we’re here to help.  You can let us know directly in the application form, or if you’d prefer to discuss before applying, please reach out to us [email protected] or (03) 8622 5666. Learn more about our commitments and employee stories at https://careers.medibank.com.au/diversity-inclusion/(please copy and paste the URL onto your browser)

Medibank proudly recognised as Best Enterprise Organisation, 2026 AFR BOSS Best Places to Work