Security Risk, Governance and Compliance Manager - Work from Home or Remotely

Engineering · Australia, New South Wales
Department Engineering
Employment Type Full-Time
Minimum Experience Mid-level

About Prospection


Prospection is a pioneer in healthcare data analytics. We apply predictive analytics and machine learning to real-world healthcare data to unearth insights that help researchers develop and target better healthcare outcomes for patients.


We analyse large healthcare data sets (script claims, EMR, registry, insurance, supply chain, CRM) to provide real-world evidence insights and to improve medication utilisation and health outcomes.


Founded out of Sydney’s Cicada Innovations in 2012, Prospection works with government, pharmaceutical companies and the medical community across more than 70 therapy programs, including immuno-oncology, HIV and hepatitis, in Australia and Asia Pacific. Prospection is backed by investors including Main Sequence Ventures, and Horizons Ventures.


Vision & Values


Integrity - Always do the right thing 

Collaboration – Everyone plays, everyone contributes

Customer focus – Get to the heart of the matter, create impact beyond expectations

Innovation – Bring the future into the present

Expert – Be the “go-to” person


The Opportunity


This is a key role that will assist Prospection with the ongoing international expansion of our business and lead the implementation of best-practice solutions in security, risk, governance and compliance.

We are seeking a Security Risk, Governance and Compliance Manager to ensure that security, governance, compliance and assurance requirements are defined, communicated and adequately addressed within the organisation. The role includes demonstrating compliance with relevant industry standards and providing assurance that security requirements are met and that security controls are in place to identify, protect against, detect, respond to and recover from security incidents. We are currently well advanced in preparations for ISO/IEC 27001 certification, with the assistance of external consultants.


This exciting role reports to the CIO and works closely with the CFO on risk and with the Head of Data and Partnerships on data governance. Cross-functional collaboration will be required, including with members of the Information Security and Data Governance Steering Committee.


ISO Compliance – Complete and maintain an ISMS framework based on ISO/IEC 27001 and any other relevant frameworks or standards applicable to the organisation.

Governance and Security Frameworks – Enhance compliance program elements with respect to the confidentiality, integrity and availability of data, and data governance.

Future Proofing – Ensure ongoing compliance with the relevant laws and regulations that apply to the future growth and strategic direction of the organisation, and keep that knowledge current.


Accountabilities


    • Complete and maintain an ISMS framework based on ISO/IEC 27001, risk and privacy requirements, and any other relevant frameworks or standards applicable to the organisation.
    • Develop, maintain and improve security policies, standards, procedures, guidelines and process documentation.
    • Collaborate with the operational teams and members of the Information Security and Data Governance Steering Committee on the design, implementation and ongoing compliance of privacy programs across relevant geographies.
    • Ensure security risk management is documented and carried out consistently across the organisation and aligned with the enterprise risk management framework.
    • Manage security and general risks within the risk register and provide ongoing reporting on risk remediation activities.
    • Develop and operationalise a metrics and reporting framework to measure the efficiency and effectiveness of security controls, and report regularly on control efficiency and effectiveness.
    • Enhance compliance program elements with respect to the confidentiality, integrity and availability of data.
    • Ensure ongoing compliance with the relevant laws and regulations (e.g. HIPAA, GDPR) that apply to the future growth and strategic direction of the organisation, and keep that knowledge current.
    • Identify opportunities for operational improvement, manage the operational budget and participate in the implementation of related action plans.
    • Maintain effective working relationships with customers, management, external auditors and third parties.


Essential Criteria

    • 5+ years of experience in an IT information security compliance and assurance role, especially implementing security controls and strategy in IT/OT convergence.
    • Experience working in healthcare settings and managing healthcare datasets would be highly regarded.
    • Experience with the implementation and maintenance of compliance frameworks such as ISO 9001 and ISO/IEC 27001.
    • Holding, or working towards, a recognised compliance certification.
    • Strong oral and written communication, presentation, organisation and time management skills.
    • Results-driven and detail-oriented team player.


Benefits


    • Flexible and remote working options
    • Stimulating and diverse problems to solve
    • Great team culture
    • Lots to learn


As a team player, you enjoy learning new skills from your colleagues and sharing your knowledge with others. You should have a strong work ethic, whilst making time to have fun at the end of the day.

If you are interested in applying for this opportunity, please submit your most up-to-date resume.

*Note: For the time being our team is fully supported and successfully working and delivering on projects remotely or from home. The health and wellbeing of our employees and clients is important to us; we have implemented, and continue to practise, COVID-safe policies informed by the health advice obtained from NSW Health and Federal Government health agencies.


We respectfully acknowledge the Traditional Owners of the land on which we work and learn, and pay respect to the First Nations Peoples and their elders, past, present and future.
