Your role at St John of God Health Care
This is an exciting time to join, as we are digitalising our future through a major investment in technology transformation to enhance patient care and experience. Our Digital Security team is at the forefront of this journey ensuring our systems, data, and people remain secure.
St John of God Health Care (SJOG) are inviting applications for the Head of Governance Risk and Compliance (GRC) within our Group Digital Security team. This is a great opportunity to lead the continued implementation and maturity of the Cyber GRC function across SJOG.
About the Role

The Head of Cyber GRC is a senior position is responsible for leading the delivery, operation and enhancement of cyber security governance, risk and compliance including:

• Drive cyber governance, risk, and compliance across the organisation.
• Lead policy, standards, and compliance programs including SOCI and Essential Eight.
• Oversee the expansion of cyber risk management, cyber third-party assurance, and the cyber awareness and training program.
• Product Owner for Cyber GRC projects.
• Build and embed a strong cyber security resilience and culture through effective reporting, control monitoring, and frameworks.
• Provide executive and board-level reporting insights on cyber risk.
• Lead and mentor the Cyber GRC team.

The Head of Cyber GRC is a member of the Digital Security Leadership Team and reports directly to Group Manager Digital Security (CISO)
About You

We are looking for someone who brings:

• A degree in Information Systems, Cyber Security, or a related field (or 8+ years of equivalent experience).
• Relevant certifications such as CISSP, CISM, CISA, ISO Lead Auditor.
• Hands-on experience running a security governance, risk and compliance function, including risk assessments, control monitoring, and reporting.
• Experience building and operating security frameworks (ACSC Essential Eight, ACSC Information Security Manual, ISO27001/2, NIST CSF).
• Strong stakeholder engagement skills, particularly in third-party risk management.
• Excellent verbal and written communication skills.
• Proven ability to lead and inspire teams, with excellent communication skills.
• Experience with a Big 4 consulting firm, or within health, health insurance, banking or finance industries, will be highly regarded.
• Australian citizen or permanent resident
• Above all, people will be at the core of everything you do committing to and supporting our Mission and Values.

All applicants are asked to submit a covering letter (of no more than two (2) pages) and resume (no more than 5 pages) demonstrating how you meet the above position requirements.

We can offer you

• Salary: $172,700 to $191,900 per annum (total remuneration package inclusive of super).
• Hybrid work: Mix of Melbourne CBD office and work-from-home arrangements available.
• Salary packaging: up to $18,550 on a range of benefits such as mortgage, rent, meal entertainment, holiday accommodation or other everyday living expenses as well as options to salary package benefits above the FBT cap on items such as:
• novated leasing
• work related expenses
• self-education and
• additional superannuation
• Employee discounts: on St John of God Hospital & Medical Services and Private Health Insurance
• Employee Support: through our dedicated free Employee Assistance Program (EAP)
• Work-life balance: flexible work options, additional purchased leave, and well-being programs
• Work for a values-based organisation striving to provide care for people: Hospitality, Compassion, Respect, Justice, and Excellence.

If you are passionate about making a real impact in health care through cyber security, we would love to hear from you.
For further information, please contact Ben Lester, Group Manager – Digital Security (CISO)via email: ben.lester@sjog.org.au
No application from recruitment agencies will be accepted
St John of God Health Care embraces diversity and strongly encourages applications from Aboriginal and Torres Strait Islander peoples and people with disabilities. We are committed to providing a safe environment for all children and vulnerable people in our care and proactively take measures to protect children/vulnerable people from abuse

• Drive cyber governance, risk, and compliance across the organisation.
• Lead policy, standards, and compliance programs including SOCI and Essential Eight.
• Oversee the expansion of cyber risk management, cyber third-party assurance, and the cyber awareness and training program.
• Product Owner for Cyber GRC projects.
• Build and embed a strong cyber security resilience and culture through effective reporting, control monitoring, and frameworks.
• Provide executive and board-level reporting insights on cyber risk.
• Lead and mentor the Cyber GRC team