Senior Risk & Compliance Specialist (Tyro Health)
About Tyro Health
At Tyro Health, our mission is simple but ambitious: to make healthcare more accessible for all Australians through the technology and solutions we build. We are committed to working in partnership with providers, software vendors, insurers, and health system leaders to build a future that is more connected, efficient, and patient-focused.
About The Role
We are seeking a proactive and versatile Senior Risk & Compliance Specialist to strengthen Tyro Health’s risk and compliance capabilities while supporting our engineering and operations teams. This role will drive the implementation and maintenance of risk frameworks, compliance programs, and security practices. You’ll champion protection of sensitive payments, personal and health data, and ensure platform integrity.
What You’ll Do
* Champion risk management across Tyro Health, driving the identification, assessment, and mitigation of key business risks.
* Embed a strong risk culture by setting clear expectations, coaching team members, and delivering risk education initiatives.
* Maintain and continuously improve Tyro Health’s ISO 27001‑certified Information Security Management System (ISMS), including internal audits and policy adherence.
* Implement and evidence controls to meet APRA prudential standards (e.g. CPS 230, CPS 234) and support regulatory reporting and attestations.
* Partner with Group Product and Group Risk to ensure compliance with payment scheme and regulatory requirements, including PCI DSS and KYC obligations.
* Strengthen fraud risk management by collaborating on frameworks, control testing, and incident follow‑up.
* Lead Business Continuity and Disaster Recovery planning, testing, and reporting to ensure operational resilience.
* Partner with Site Reliability and engineering teams to enhance security operations, monitoring, and response processes.
* Support incident and risk management processes, ensuring effective escalation, documentation, and resolution.
* Act as a trusted advisor to integration partners, guiding them through compliance and regulatory requirements.
* Manage third‑party risk assurance, including completing security assessments, questionnaires, and PCI attestations.
* Collaborate with external and internal stakeholders to enable compliant and.
What You’ll Bring
* At least 5 years of hands‑on experience in a risk, compliance, or security GRC role.
* Deep, practical experience implementing or managing major compliance frameworks (e.g., ISO 27001, SOC 2).
* Proven ability to translate complex regulatory requirements into practical, actionable guidance for technical and non‑technical teams.
* Exceptional documentation and communication skills – you can write for both auditors and engineers.
* A pragmatic and collaborative mindset, with a focus on enabling the business to achieve its goals safely.
Nice to have
* Direct experience with APRA prudential standards (CPS 230, CPS 234) and/or PCI DSS.
* Experience in a high‑growth tech, fintech, or health‑tech environment.
* Familiarity with fraud risk management principles in a payments context.
* Experience working in a matrixed environment, collaborating with a central risk or compliance function.
What’s in it for you?
We’ve worked hard to create an environment that’s big on diversity, inclusion, and flexibility. Here are some highlights:
* A mix of in‑office and remote working.
* Learning and career development opportunities.
* 16 weeks paid primary carers leave.
* 12 weeks paid secondary carers leave.
* Annual team‑based volunteer day.
* Birthday leave.
* Power Up Day (additional day of leave).
* Weekly team social events, snacks, craft beer and wine, ping pong and video games.
* Taco Tuesdays.
* Mental health and wellness initiatives.
* Novated leasing.
Tyro is committed to a diverse, inclusive workplace where everyone thrives. We welcome applicants of all backgrounds and are an equal‑opportunity employer. If you need accommodations or adjustments at any stage of the recruitment process, simply let our Talent team know.
Still with us? If you’ve got this far, you might just be a great fit for us. Don’t tick all the boxes above? That’s okay – apply anyway and our Talent team will review your profile – you might be a fit for future roles.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology