The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed. We are focused on application, infrastructure, and user productivity solutions, with innovation, efficiency and security. Our goal is providing customer oriented agile delivery, effective business partnership and state-of-the-art technology solutions.
Job Summary
ResMed is seeking candidates for a Governance, Risk and Compliance (GRC) Analyst position to join our Enterprise Security GRC team.
The GRC Analyst is an integral member of the team within Enterprise Security at ResMed. Reporting to the Sr. Technology Risk Manager, this role will conduct security risk management, compliance and audit activities across the business and will support teams with proactive guidance, project coordination, risk assessment, remediation advice and tracking, and audit support to stay compliant with applicable policies, procedures, standards and guidelines, and regulations. This individual will foster collaboration and trusting relationships and will promote security education and awareness throughout the business.
Let’s talk about Responsibilities. As a GRC Analyst you will:
Complement a high-performance team for high quality and secure IT and cloud solutions,
Provide project coordination for IT security risk assessment, compliance, and audit activities,
Support internal and third-party audit engagements (SOX ITGC, SOC1, SOC2),
Assist with new compliance initiatives (SOC2, HITRUST, etc.),
Conduct compliance monitoring, risk assessment, evidence collection, system access reviews,
Escalate and track remediation activities across teams and provide progress reporting,
Perform GRC system administration for scheduling tasks, evidence collection, maintaining risk register,
Support vendor risk management,
Maintain a strong working knowledge of applicable Security and Privacy standards, frameworks, laws,
Assist in the development of Enterprise Security compliance policies and procedures,
Respond to customer requests for compliance reports, questionnaires, and audits,
Stay abreast of current issues and obtain continuing education and training to maintain up-to-date knowledge about standards and certifications applicable to digital Healthcare in global markets,
Collaborate with other groups involved in risk and compliance activities to identify potential improvements to global risk and compliance tools and methods,
Participate in raising compliance awareness and training across the organization,
Continually learn, discover, evolve, and mentor.
Let’s Talk About Qualifications And Experience
Required (Qualifications/experiences that are an absolute must for the position)
A minimum of 2 years’ compliance, audit, business/system analysis or risk management experience; or experience in related disciplines; or equivalent combination of education and experience
Knowledge of information systems, information security, data privacy and regulatory compliance
Have strong analytical, organization and time management skills
Demonstrate a growth mindset in all you do
Ability to adapt and manage assignments as they evolve and are replaced by other priorities in a dynamic and fast paced environment
Unquestionable personal code of ethics, integrity, diversity and trust
Experience with ISO27001 or NIST or similar security frameworks.
Experience with HIPAA, SOC1, SOC2, CCPA, or similar privacy and security standards.
Experience with GRC tools and technologies (e.g., OneTrust, KCM) with an aptitude for technology and critical thinking.
Practical application of soft skills as needed and/or as dictated by situations such as persuasion, influence using "presence" to obtain the right outcomes for the Company.
Ability to obtain relevant professional certifications (e.g., SSCP, CISA, CISM, CISSP, CIPP, PMP).
Preferred (Qualifications/experiences that are preferred for the position)
Bachelor’s Degree or Diploma in Cyber Security, Computer Science, Information Security or related discipline, or equivalent experience
Highly developed communications skills (written/verbal) and interpersonal savvy; can influence without authority
Previous experience with OneTrust GRC or other Audit and Control software
Certification with a recognized Association for IT security, compliance or audit professionals. Acceptable associations/certifications include but are not limited to: ISACA CISM/CISA/CRISC, CISSP ISC2/SSCP/HCISPP, ISO 27001 Auditor
Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive and inspiring. Where a culture driven by excellence helps you not only meet your goals, but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thriving on the innovative ideas this generates. If this sounds like the workplace for you, apply now! We commit to respond to every applicant.