This role exists to perform IT Governance and Compliance across the IT business environment to ensure operational excellence and continue to deliver services that are compliant with regulatory and organizational requirements.
Responsibilities
- Support the implementation of IT governance and compliance processes across IT services
- Perform design and operating effectiveness testing for the defined IT controls
- Conduct control assurance to identify control gaps and recommend solutions
- Contribute to the development, review and operationalisation of IT processes
- Document the control evaluation process, including the methodology, testing results, and any identified deficiencies.
- Compile detailed reports on the effectiveness of internal controls, including any identified weaknesses and recommended improvements
- Identify, assess and manage risk incidents, ensuring they are recorded and managed
- Provide periodic reporting on IT risk and control testing
- Identify, assess, and manage issues and risks relating to IT services
- Demonstrate understanding of operational risk, control testing methodologies, and related regulatory and compliance standards
- Perform risk-based testing activities that independently evaluate the design and effectiveness of controls
- Perform risk-in-change triage and risk/control assessments before changes go live
- Summarise and report risks effectively to the IT Risk Forum
- Maintain comprehensive documentation and audit-ready evidence for all control evaluations
- Facilitate IT audits by clearly communicating requirements, guiding stakeholders on evidence, coordinating collection, and managing auditor interactions.
- Escalate audit issues or delays in a timely manner to ensure successful audit closure
- Ensure compliance with APRA CPS 234, CPS 230, PCI DSS and other regulatory standards
Essential Skills
- Three (3) or more years of experience in an IT Risk, Compliance or IT Audit role
- Detailed understanding of governance and risk management
- Proficient in Microsoft tools like SharePoint, Excel, PowerPoint
- Experience in a role balanced between business stakeholders and a central technology service organisation
- Strong understanding of information security controls and ISMS standards such as SOC 2, ISO 27001/2, COBIT, CRISC
- Experience operating in a 1st line technology risk function
- Demonstrated ability to build confidence and articulate the business value of IT risk & governance
- Ability to manage senior stakeholders and build effective relationships across technology & business.
- Knowledge of NIST, APRA CPS 234, APRA CPS 230 and PCI DSS audit requirements
- Strong verbal and written communication skills.
- Experience in collaborating with multiple stakeholders across functional and technical skill sets
- Education Level: Graduate Degree (e.g. BIT, BSc) or equivalent work experience in Information Technology or an equivalent engineering discipline
- Certifications such as CISSP, CRISC, CISA, CIPP and CISM are not a prerequisite but are well regarded
- Good analytical and problem-solving skills
- Ability to adapt to change, operate with ambiguity and continuously learn
- Must be able to demonstrate strong alignment to HCF Values
- Must possess a positive attitude and be an excellent team player
About HCF
At HCF, our purpose is to bring our human touch to healthcare. Since 1932 we’ve been putting our members and their health first. As Australia’s largest not-for-profit health fund, we cover 2 million members with health, life, travel and pet insurance and our vision is to make healthcare understandable, affordable, high quality and member centric.
We want to be true health partners to our members, easily guiding the healthcare choices that are right for them. At HCF, our values are the way we do things and create the necessary culture to help us realise our purpose and deliver our Strategy. Living our values in action we step forward, walk in their shoes, stay human, make it better and get there together.
Culture & Benefits
Purpose-driven passion
We’re united by a common purpose: to make healthcare affordable, understandable, high quality and member-focused.
Wellness and work-life balance
We’ll empower you with the necessary skills and tools to support your personal wellbeing journey, ensuring you perform at your best. Our offerings include:
- Flexible working arrangements
- 50% subsidy on HCF hospital and/or extras cover
- Family-friendly certified employer
- 18 weeks of parental leave for all new parents
- Mental health and wellbeing programs, including workshops, fitness classes, flu vaccinations, skin checks and more
- Discounts on HCF's products, including life, pet and travel insurance, as well as discounts at Fitness First gyms and on our eyecare products
Collaboration and inclusivity
We embrace diversity as our strength and are committed to maintaining an inclusive and collaborative work environment. Our workplace is welcoming and safe for all our employees, irrespective of their unique characteristics including age, ethnicity, cultural or spiritual background, gender identity, disability, education and socio-economic status.
Continuous learning and growth
We believe in lifelong learning. HCF provides opportunities for personal and professional development. From workshops to mentorship programs, we encourage your growth and curiosity.
Next steps
If you require any adjustments to assist you in making your application or during the recruitment or onboarding process, please reach out to Talent Acquisition – [email protected] to discuss.
We encourage applicants to submit their applications at their earliest convenience, as at HCF, we review applications as they are submitted, and may have filled the role prior to the job closing date.