About the role

We are seeking full time Head of Cyber Governance Risk and Compliance to join our dedicated team within Clayton, Victoria.

Shape our cyber future. Lead with impact.

Join a purpose-driven organisation and play a pivotal role in building and maturing our cybersecurity governance, risk, and compliance (GRC) function. We're seeking a hands-on leader to drive security culture, strengthen risk management, and ensure regulatory compliance in a highly regulated, fast-moving environment. Reporting directly to the CISO, you’ll drive cyber awareness, uplift maturity, and help embed a risk-based culture of security across the business.

What You’ll Be Doing

Cyber Awareness & Culture

• Lead the design and delivery of engaging cybersecurity awareness and training programs.
• Work across the business to embed a strong security culture tailored to staff roles.
• Define and track awareness metrics to measure impact and drive continuous improvement.

Governance & Strategy

• Own the development of cybersecurity policies, standards, and procedures.
• Maintain a strong reporting framework to inform the executive and board on risk and maturity.
• Support the CISO in shaping and delivering the cybersecurity strategy and roadmap.

Risk & Compliance Management

• Run cyber risk meetings, manage the risk register, and drive mitigation activities.
• Conduct risk assessments, including vendor and third-party reviews.
• Ensure compliance with the Australian Privacy Act, PCI-DSS, and other applicable standards.

Metrics & Reporting

• Define and maintain key cyber metrics and dashboards.
• Report on cyber risk, maturity trends, and compliance posture to executives and the board.
• Support business case development and funding proposals for new security initiatives.

Assurance & Testing

• Deliver an annual GRC calendar including control reviews, pen testing, and vulnerability scanning.
• Oversee third-party security assessments and manage corrective actions.

Cyber Maturity & Strategic Support

• Facilitate cyber maturity assessments using frameworks like NIST, ISM, or ISO 27001.
• Assist in evaluating and implementing risk-aligned cybersecurity technologies.
• Advise the CISO on emerging risks, technologies, and regulatory change

What we’re looking for

• 5+ years in cybersecurity GRC, ideally in healthcare or similar regulated industry
• Strong understanding of frameworks like NIST, ISO 27001, ISM, PCI-DSS
• Experience with cyber risk management, and reporting
• Experience in security awareness and culture change programs.
• Confident communicator – comfortable engaging at all levels from senior executives to operational staff
• Skilled in third-party risk management and compliance monitoring
• Strong knowledge of Australian Privacy Act and cybersecurity regulations

Employee Benefits

You will have access to a range of exciting benefits when you join ACL, including:

• 8 weeks paid parental leave*
• Access to hundreds of everyday savings including phone bills, fuel and groceries, fashion, restaurants and entertainment.
• Expert guidance on healthy living on a range of topics like money, work, mind, and life.
• Free and confidential support from qualified counsellors.
• Discounted health insurance.
• Training and development opportunities.

*Service conditions apply

About us

Australian Clinical Labs (Clinical Labs) is committed to be the pathology provider of choice. Our business is growing rapidly and now has over 5000 employees and a truly national reach. We have approximately 100 NATA accredited laboratories that perform close to 6 million episodes each year for doctors, specialists, patients, hospitals and corporate clients. Clinical Labs services almost 100 private and public hospitals and is the largest provider of pathology services to public hospitals in Australia.

Who we are

We pride ourselves on our patient focus and medical excellence, empowering our people to help us to improve and save patient’s lives. Our culture is agile and willing to change, and we always act with the highest respect and integrity. Clinical Lab’s employees are passionate about what they do, the work environment in which they operate and the safety and wellbeing of all who interact with us.

Vaccination Requirements

As a healthcare provider, Clinical Labs requires all new employees to be vaccinated against preventable diseases. If successful, we will ask for proof of immunisation accordingly for our records.

You may be required to undergo probity checks as part of the recruitment process including police check and licence check.

Diversity and Inclusion

Australian Clinical Labs is an equal opportunities employer, we encourage applications from people of all ages, nationalities, abilities and cultures – including Aboriginal and Torres Strait Islander peoples, the LGBTQI+ community, people living with disability, and individuals with culturally diverse backgrounds. We’re happy to adjust our recruitment process to support accessibility needs. We also welcome applications from individuals with culturally diverse backgrounds. Australian Clinical Labs is committed to supporting Veteran Employment and Australian Defence Force Veterans and their spouses are encouraged to apply.