The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed. We are focused on application, infrastructure, and user productivity solutions, with innovation, efficiency, and security. Our goal is providing customer-oriented agile delivery, effective business partnership, and state-of-the-art technology solutions.
This position is part of the Global IT Security team at ResMed, dedicated to maintaining the integrity and security of the company's information and global computing infrastructure. We are looking for a proactive Third-Party Risk Management Specialist to join our Global Enterprise Security Services team. In this business-facing role, you will be instrumental in managing third-party risk and securing our vendor relationships. The ideal candidate should have a deep understanding of vendor security evaluations and IT security risk management, as well as practical experience with security assessment tools. You will collaborate closely with IT leadership, business units, executive teams, and key stakeholders to align security strategies with business goals. This role necessitates significant collaboration across diverse cultures and time zones.
Let’s talk about Responsibilities
- Conduct and oversee thorough security assessments of third parties, ensuring they meet the highest security standards and regulatory requirements.
- Perform IT Security Risk Assessments and manage associated risks from third-party vendors.
- Ensure adherence to internal security policies as well as international standards and regulations such as ISO 27001, NIST, SOC 2, HIPAA, GDPR, and PCI/DSS.
- Utilize advanced TPRM tools to carry out assessments and produce reports.
- Collaborate with business units to effectively communicate findings and recommendations, ensuring they align with organizational objectives.
- Stay informed about the latest trends and developments in security, cloud security, and third-party risk management.
- Encourage a culture of continual learning and development within the team by exploring modern technologies like GenAI, Machine Learning, DevSecOps, Data Lakes, Analytics, etc.
- Provide regular updates to senior management on the status of security initiatives, risk assessments, and compliance efforts.
Let’s talk about Qualifications and Experience
Required:
- Practical experience conducting security assessments for third parties.
- Extensive knowledge of vendor security evaluations and IT security risk management frameworks.
- Understanding of security standards, frameworks, or regulations like ISO 27001, NIST, SOC 2, CIS, HIPAA, GDPR, and PCI/DSS.
- Familiarity with security controls such as Authentication, Authorization, Encryption, Firewalls, WAF, DLP, SIEM, Incident Management, Change Management, Business Continuity, Disaster Recovery, and Endpoint Protection.
- Strong communication and presentation abilities, capable of effectively engaging with business stakeholders.
- A proactive attitude with a keen interest in learning and advancing in the field of information security.
Preferred:
- Bachelor’s degree in computer science or related field.
- Master’s degree or security certifications (e.g., CISM, ISO27001 LA, AWS Security, etc.).
- Minimum 2 years of experience in IT security risk assessment and management.
- Exposure to and knowledge of cloud environments (AWS, Azure) and SaaS security.
- Experience within a manufacturing firm in the healthcare industry.
Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive, and inspiring. Where a culture driven by excellence helps you not only meet your goals but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thriving on the innovative ideas this generates. If this sounds like the workplace for you, apply now! We commit to responding to every applicant.