Security Risk and Compliance Specialist at Xero

Waddle, Permanent, Full-time, Sydney, AU
Posted 5 days ago

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

Our Purpose

We are on a big journey at Waddle, pushing the boundaries of lending for small businesses. We started our journey five years ago, building an industry-leading product to enable simple, quick and digital access to lending for small businesses.

The product enables the customer to manage their daily cash flow requirements to suit the way they manage their business and works hand in hand with cloud accounting software. Our product was so successful that we now enable other lenders in multiple markets to use the product for their own customers.

We were recently acquired by the global cloud accounting software company, Xero, who saw a beautiful connection between our purpose “making it easy for small businesses to access lending” and their purpose “helping small businesses to thrive worldwide”. When these purposes align, we’re not only helping small businesses, we’ll be building a stronger economy that can change the world.

About The Role

The Senior Security Risk & Compliance Specialist will be working with all parts of the business to improve Waddle’s security risk and compliance posture, to reduce the risk of security incidents and improve the efficiency and effectiveness of Waddle’s security controls.

What You'll Do

  • Assess security risks across all areas of Waddle’s business, including product, platform, and third party software and services, to ensure these are well understood and managed within Waddle’s risk tolerance.
  • Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Waddle.
  • Own and maintain the Waddle information security management framework.  Ensure that security policy and standards keep pace with the changing threat and compliance landscape, and are approved and communicated across Waddle.
  • Mentor delivery team members from other disciplines about security risk and raise awareness of risk and compliance concerns as a key consideration of product development.
  • Engage and manage service providers delivering services and capabilities related to Waddle’s security risk and compliance practice.
  • Maintain a comprehensive program of automated and manual security testing across Waddle products.  
  • Further develop and manage the security risk management framework to ensure risks are documented, quantified, owned, communicated and escalated as appropriate across Waddle.
  • Assist in the development of security awareness materials and training for Waddle staff.
  • Respond to partner and supplier security assessments.
  • Keep informed as to emerging security threats that have the potential to impact Waddle and recommend mitigating strategies.
  • Provide measurement and reporting of Waddle’s risk and compliance position suitable for various levels of Waddle’s leadership.
  • Collaborate and interface with the security representatives from our parent company Xero.

What You'll Bring With You

  • Takes a business focused and pragmatic approach to security risk management.
  • Ability to work as part of a team and able to take pride and ownership in their work.
  • Works collaboratively and empowers others in the team.
  • Has initiative and a passion for all things security and a willingness to go the extra mile.
  • Excellent stakeholder management.
  • Able to effectively communicate to a wide range of people.
  • An innovative and positive team player with a “can do” attitude.
  • Fast learner, detail oriented, decisive, and enjoys fast paced work environments.
  • 3+ years in a role in an information security and risk management practice.
  • Experience implementing risk management and information management security frameworks (ISO 27001 preferred).
  • Proven experience bringing all relevant stakeholders together around the concerns of risk and security.

Working at Waddle will be unlike any job you’ve ever had. You want start-up cliches? We’ve got them... Leave ego at the door, wear your shorts whenever you want, add your favourite tunes to the office playlist, join in with yoga on a Thursday, even bring in your dog if you like!

We’ve also fully embraced flexible working and have seen productivity only increase. Whilst you’ll be expected to collaborate in the office a few days each week, we believe working from home is here to stay.

Why Xero?

At Xero we support many types of flexible working arrangements that allow you to balance your work, your life and your passions. We offer a great remuneration package including shares plus a range of leave options to suit your well-being. Our work environment encourages continuous improvement and career development and you’ll get to work with the latest technology.

Our collaborative and inclusive culture is one we’re immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to better understand and serve customers, attract top talent and innovate successfully. We are a member of Pride in Diversity, in recognition of our inclusive workplace. So, from the moment you step through our doors, you’ll feel welcome and supported to do the best work of your life.