Job Title


IT Risk, Audit and Governance Specialist


Company : HCF Corporation


Location : Sydney, Australia


Created : 2026-02-02


Job Type : Full Time


Job Description

This role exists to perform IT Governance and Compliance across the IT business environment to ensure operational excellence and continue to deliver services that are compliant with regulatory and organizational requirements.

Responsibilities

- Support in implementing the IT governance and compliance processes across IT services
- Perform design and operating effectiveness testing for the defined IT controls
- Conducting control assurance to identify control gaps and recommend solutions
- Contribute to development, review, operationalisation of IT processes
- Document the control evaluation process, including the methodology, testing results, and any identified deficiencies.
- Compile detailed reports on the effectiveness of internal controls, including any identified weaknesses and recommended improvements
- Identify, assess, and manage Risk incidents and ensure recorded and managed.
- Periodic reporting on IT Risk and Control Testing
- Identify, assess, and manage issues and risks relating to IT services
- Demonstrate understanding of operational risk, control testing methodologies, and related regulatory and compliance standards
- Perform risk-based testing activities that independently evaluate the design and effectiveness of controls
- Risk in Change triage and risk/control assessments prior to changes Go Live.
- Effective summarization and reporting of risks into IT Risk Forum
- Maintain comprehensive documentation and audit-ready evidence for all control evaluations
- Facilitate IT audits by clearly communicating requirements, guiding stakeholders on evidence, coordinating collection, and managing auditor interactions.
- Escalate audit issues or delays in a timely manner to ensure successful audit closure
- Ensure compliance with APRA CPS 234, CPS 230, PCI DSS and other regulatory standards

Essential Skills

- Three (3) or more years of experience in an IT Risk, Compliance or IT Audit role
- Detailed understanding of governance and risk management
- Proficient in Microsoft tools like SharePoint, Excel, PowerPoint
- Experience in a role balanced between business stakeholders and a central technology service organisation
- Strong understanding of information security controls and ISMS standards such as SOC 2, ISO 27001/2, COBIT, CRISC
- Experience operating in a 1st line technology risk function
- Demonstrated ability to build confidence and articulate the business value of IT risk & governance
- Ability to manage senior stakeholders and build effective relationships across technology & business.
- Knowledge of NIST, APRA CPS 234, APRA CPS 230 and PCI DSS audit requirements
- Strong verbal and written communication skills.
- Experience in collaborating with multiple stakeholders across functional and technical skill sets
- Education Level: Graduate Degree (e.g. BIT, BSc) or equivalent work experience in Information Technology or an equivalent engineering discipline
- Certifications, such as CISSP, CRISC, CISA, CIPP, CISM, aren't a prerequisite however are well regarded
- Good analytical and problem-solving skills
- Ability to adapt to change, operate with ambiguity and continuously learn
- Must be able to demonstrate strong alignment to HCF Values
- Must possess a positive attitude and excellent team player

About HCF

At HCF, our purpose is to bring our human touch to healthcare. Since 1932 we've been putting our members and their health first. As Australia's largest not-for-profit health fund, we cover 2 million members with health, life, travel and pet insurance and our vision is to make healthcare understandable, affordable, high quality and member centric.

We want to be true health partners to our members, easily guiding the healthcare choices that are right for them. At HCF, our values are the way we do things and create the necessary culture to help us realise our purpose and deliver our Strategy. Living our values in action we step forward, walk in their shoes, stay human, make it better and get there together.

Culture & Benefits

Purpose-driven passion

We're united by a common purpose: to make healthcare affordable, understandable, high quality and member-focused.

Wellness and work-life balance

We'll empower you with the necessary skills and tools to support your personal wellbeing journey, ensuring you perform at your best. Our offerings include:

- Flexible working arrangements
- 50% subsidy on HCF hospital and/or extras cover
- Family-friendly certified employer
- 18 weeks of parental leave for all new parents
- Mental health and wellbeing programs, including workshops, fitness classes, flu vaccinations, skin checks and more
- Discounts on HCF's products, including life, pet and travel Insurance, as well as discounts at Fitness First gyms and on our eyecare products.

Collaboration and inclusivity

We embrace diversity as our strength and are committed to maintaining an inclusive and collaborative work environment. Our workplace is welcoming and safe for all our employees, irrespective of their unique characteristics including age, ethnicity, cultural or spiritual background, gender identity, disability, education and socio-economic status.

Continuous learning and growth

We believe in lifelong learning. HCF provides opportunities for personal and professional development. From workshops to mentorship programs, we encourage your growth and curiosity.

Next steps

If you require any adjustments to assist you in making your application or during the recruitment or onboarding process, please reach out to Talent Acquisition to discuss.

We encourage applicants to submit their applications at their earliest convenience, as at HCF, we review applications as they are submitted, and may have filled the role prior to the job closing date.