Senior Security Risk & Compliance Specialist at Xero

Security, Permanent, Melbourne, AU (full-time)
Posted a month ago

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

We’re growing rapidly and with growth comes new markets, new partners, new security and risk threats, and new compliance obligations. We are looking for a Senior Security Risk and Compliance Specialist in Wellington, Auckland or Melbourne who will thrive on the challenge of helping our diverse teams understand and manage their security risks, delivering meaningful security initiatives to keep us ahead of the curve.

You’ll be working as part of a global team across the business to improve Xero’s security risk and compliance posture. Your goal is to help us reduce the risk of security incidents and improve the efficiency and effectiveness of Xero’s security controls.

We’re a company founded in New Zealand working on a global scale. As a Xero you’ll take the lead not just on NZ, ANZ or APAC security risk but will also be part of our global efforts to build a best-in-class in-house Security Risk and Compliance practice. This is a fantastic opportunity to join a market-leading global SaaS company, working across regions and business units.

At Xero we believe having diverse teams of talented people working together is key to our success, joining us means joining a team of talented professionals across our business working in a fun, innovative, collaborative and high performing environment. Our goal is to enable you to do the best work of your life with Xero.

What you'll do:

  • Assess security risks across all areas of Xero’s business, including product, platform, and third party software and services, to ensure these are well understood and managed within Xero’s risk tolerance.
  • Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero.
  • Maintain the Xero information security management framework. Ensure that security policy and standards keep pace with the changing threat and compliance landscape, and are approved and communicated across Xero.
  • Develop a threat modelling framework and work with other security teams to roll this out to all product teams.
  • Develop and maintain an automated risk assessment process for add-on partners and third party providers. Ensure that security risks are assessed and understood prior to, and during the engagement with the third party.
  • Engage and manage service providers delivering services and capabilities related to Xero’s security risk and compliance practice.
  • Maintain a comprehensive program of automated and manual security testing across Xero products.
  • Further develop and manage the security risk management framework to ensure risks are documented, quantified, owned, communicated and escalated as appropriate across Xero.
  • Assist in the development of security awareness materials and training for Xero staff.
  • Respond to customer and supplier security assessments.
  • Define requirements and assess solutions to automate and improve the efficiency of risk assessment and reporting processes.
  • Keep informed as to emerging security threats that have the potential to impact Xero and recommend mitigating strategies.
  • Provide measurement and reporting of Xero’s risk and compliance position suitable for various levels of Xero’s leadership.
  • Coach and mentor other team members to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.
  • Mentor product team members from other disciplines about security risk and raise awareness of risk and compliance concerns as a key consideration of product development.
What you'll bring with you:

  • Extensive experience in a role in an information security and risk management practice, including threat modelling and risk management; and/or compliance and certification against frameworks like ISO27001, SOC2 and PCI DSS
  • Been recognised as a technical lead or senior contributor in your team.
  • Experience of working in an organisation that has achieved ISO27001 certification or has maintained their SOC2 report for a number of years would be an advantage.
  • Experience implementing risk management and information management security frameworks.
  • Takes a business focused and pragmatic approach to security risk management.
  • Ability to work as part of a team and able to take pride and ownership in their work.
  • Has initiative and a passion for all things security and a willingness to go the extra mile.
Why you should become a Xero:

It’s a diverse and inclusive environment, with people who will respect, challenge, support and mentor you to do the best work of your life. We’re a place where innovation and change are not only encouraged but also celebrated. We value our people and want them to enjoy and take pride in their work.

We’re very supportive of flexible working arrangements and offer a competitive remuneration package including shares and life insurance, in addition to your base salary. We have a culture we’re proud of. Whether you're after a workplace with a social vibe, or a workplace which understands your family is priority, Xero is all of that and more.

Why Xero?

At Xero we support many types of flexible working arrangements that allow you to balance your work, your life and your passions. We offer a great remuneration package including shares plus a range of leave options to suit your well-being. Our work environment encourages continuous improvement and career development and you’ll get to work with the latest technology.

Our collaborative and inclusive culture is one we’re immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to better understand and serve customers, attract top talent and innovate successfully. We are a member of Pride in Diversity, in recognition of our inclusive workplace. So, from the moment you step through our doors, you’ll feel welcome and supported to do the best work of your life.