Head of Cyber Governance, Risk and Compliance

Your role at St John of God Health Care This is an exciting time to join as we are digitalising our future through a major investment in technology transformation to enhance patient care and experience. Our Digital Security team is at the forefront of this journey ensuring our systems, data and people remain secure. St John of God Health Care (SJOG) invites applications for the Head of Governance Risk and Compliance (GRC) within our Group Digital Security team. This is a great opportunity to lead the continued implementation and maturity of the Cyber GRC function across SJOG. About the Role The Head of Cyber GRC is a senior position responsible for leading the delivery, operation and enhancement of cyber security governance, risk and compliance, including: Drive cyber governance, risk and compliance across the organisation. Lead policy, standards and compliance programmes including SOCI and Essential Eight. Oversee the expansion of cyber risk management, third‑party assurance, and the cyber awareness and training programme. Product Owner for Cyber GRC projects. Build and embed a strong cyber security resilience and culture through effective reporting, control monitoring and frameworks. Provide executive and board‑level reporting insights on cyber risk. Lead and mentor the Cyber GRC team. The Head of Cyber GRC is a member of the Digital Security Leadership Team and reports directly to the Group Manager Digital Security (CISO). About You We are looking for someone who brings: A degree in Information Systems, Cyber Security or a related field (or 8 years of equivalent experience). Relevant certifications such as CISSP, CISM, CISA or ISO Lead Auditor. Hands‑on experience running a security governance, risk and compliance function including risk assessments, control monitoring and reporting. Experience building and operating security frameworks such as ACSC Essential Eight, ACSC Information Security Manual, ISO27001/2 or NIST CSF. Strong stakeholder engagement skills, particularly in third‑party risk management. Excellent verbal and written communication skills. Proven ability to lead and inspire teams. Experience with a Big 4 consulting firm or within health, insurance, banking or finance industries will be highly regarded. Australian citizen or permanent resident. Above all, people will be at the core of everything you do, committing to and supporting our Mission and Values. All applicants are asked to submit a covering letter (no more than two pages) and a resume (no more than five pages) demonstrating how you meet the above position requirements. We can offer you Salary: $172,700 to $191,900 per annum (total remuneration package inclusive of super). Hybrid work: mix of Melbourne CBD office and work‑from‑home arrangements available. Salary packaging: up to $18,550 on a range of benefits such as mortgage, rent, meal, entertainment, holiday accommodation and other everyday living expenses as well as options to salary package benefits above the FBT cap on items such as novated leasing, work‑related expenses, self‑education and additional superannuation. Employee discounts: on St John of God Hospital & Medical Services and Private Health Insurance. Employee Support: through our dedicated free Employee Assistance Program (EAP). Work‑life balance: flexible work options, additional purchased leave and well‑being programmes. Work for a values‑based organisation striving to provide care for people: Hospitality, Compassion, Respect, Justice and Excellence. If you are passionate about making a real impact in health care through cyber security we would love to hear from you. For further information please contact Ben Lester, Group Manager Digital Security (CISO) via email: . No application from recruitment agencies will be accepted. St John of God Health Care embraces diversity and strongly encourages applications from Aboriginal and Torres Strait Islander peoples and people with disabilities. We are committed to providing a safe environment for all children and vulnerable people in our care and proactively take measures to protect children and vulnerable people from abuse. #J-18808-Ljbffr