Australian Pharmaceutical Industries Limited (API) is one of Australia's leading pharmaceutical distributors and fastest growing health and beauty retailers. API is the foundational asset of the Wesfarmers Health Division, and is the parent company of Priceline Pharmacy, Soul Pattinson Chemist, Pharmacist Advice and Clear Skincare Clinics. Our services include wholesale product delivery, retail services, marketing programs and business advisory services.
**The responsibilities for this role include**:
- Maintain and further develop effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Perform regular compliance reviews to ensure the security posture of IT practices and the wider API business activities meets governance requirements.
- Advise the HoIS of issues including legislation and the adoption of new security standards and compliance requirements.
- Coordinate and manage information technology and security related audits including scope of audits, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective to benefit the health division's security practices. Provide guidance, evaluation, and advocacy on audit responses.
- Coordinate the management of vendors and partners to ensure they clearly understand security obligations, responsibilities, and activities.
- Ensure appropriate policies and governance structures are in place to manage security across the health division.
- Contribute to the development of security roadmaps.
- Maintain and manage PMO security artefacts / deliverables and support project managers to meet agreed project security outcomes.
**The skills and experience required for this role include**:
- Undergraduate qualification in a technical discipline
- Big4 audit/risk experience would be advantageous
- 5+ years of relevant experience in a similar role
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Ability to retain a current security clearance
- A proven track record in developing, maintaining, and managing Governance, Risk and Compliance across a large organisation, and comfortable working in a dynamic and rapidly changing environment.
- Strong knowledge and experience with security, control and risk frameworks and standards such as PCI DSS, ISO27001/2, NIST CSF and CPS234.
- Comprehensive understanding of risk management concepts and current best practices, techniques, methodologies, and management tools.
- Relevant experience with Internal & External audit processes and requirements.
- A sound understanding of PCI compliance requirements in a retail environment and the ability to work effectively with external QSAs and other independent security organisations.
- Sound understanding of IT operations/functions, infrastructure, and network architectures.
- Proven record of success managing Security and Governance within complex and heterogeneous corporate environments.