Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.
At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.
As the Security Risk Team Lead, you will be responsible for leading a team of specialists that work with all parts of the business to improve Xero's security risk and compliance posture, reduce the risk of security incidents and improve the efficiency and effectiveness of Xero’s security controls.
What you'll do:
- Assess security risks across all areas of Xero's business, including product, platform, and third party software and services, to ensure these are well understood and managed within Xero's risk tolerance
- Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero
- Maintain the Xero information security management framework. Ensure that security policy and standards are kept in place
- Develop a threat modelling framework and roll this out to all product teams
- Develop and maintain an automated risk assessment process for add-on partners and third party providers. Ensure that security risks are assessed and understood prior to, and during the engagement with third parties
- Engage and manage service providers delivering services and capabilities related to Xero's security risk and compliance practice
- Maintain a comprehensive program of automated and manual security testing across Xero products
- Further develop and maintain the security risk management framework to ensure risks are documented, communicated and escalated across Xero
- Assist in the delivery of security awareness materials and training to Xero staff
- Respond to customer and supplier security assessments
- Report on Xero's risk and compliance position which will be suitable for various levels of Xero's leadership
- Lead a security risk management team and coach and mentor each of your direct reports
- Take part in people focused tasks including recruitment, leave management, performance reviews and training and development
- Mentor the product team members from other business units across Xero about security risk and raise awareness of risk and compliance as a key part of product development
What you'll bring:
- 5+ years' demonstrated experience in an information security and risk management practice
- Experience implementing risk management and information management security frameworks
- Proven experience in developing and maintaining a highly motivated team of individuals
- Strong skills in leading and mentoring diverse team members to meet organisational goals and create a collaborative environment
- Excellent stakeholder management skills with the ability to effectively communicate to a wide range of people
At Xero we support many types of flexible working arrangements that allow you to balance your work, your life and your passions. We offer a great remuneration package including shares plus a range of leave options to suit your well-being. Our work environment encourages continuous improvement and career development and you’ll get to work with the latest technology.
Our collaborative and inclusive culture is one we’re immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to better understand and serve customers, attract top talent and innovate successfully. We are a member of Pride in Diversity, in recognition of our inclusive workplace. So, from the moment you step through our doors, you’ll feel welcome and supported to do the best work of your life.