Location: Melbourne, Australia
Afterpay’s mission is to power an economy where everyone wins. It’s our security team’s job to ensure that our systems are worthy of the trust of our consumers, merchants and partners.
To do that, we’re building and maintaining:
A company-wide culture that values information security
An effective information security program
A talented security team
We are strong believers that the security team should not be the team of NOPE - instead, we believe that our job is to understand our partner’s goals and to work with them to achieve those goals.
We can only achieve this if we make Afterpay a great place for talented information security professionals to work. Our team values are:
Partnership - we understand the business and technical priorities and work to support them. We link our initiatives to the needs of the business
Respect - we aim to build respect with every interaction by being subject matter experts, by communicating clearly and by being human. We also work to develop one another as security professionals with the understanding that we’re better when we work as a team
Empathy - we know that people have competing priorities and we try to put ourselves in their shoes
Pragmatism - we make sure that we’re making reasonable recommendations and that we’re not being overly dogmatic
Measurability - we think about how we’ll measure the effect of our actions before we take them. We focus on measuring our work so we can show the impact we’re having and so we can continually improve
We are looking for passionate colleagues to join the rocketship and help us!
Managing information security risk is the core function of the information security team at Afterpay. Our Security Governance, Risk and Compliance (GRC) function is the glue that helps the rest of the information security team work consistently and collaboratively.
The Security GRC function is responsible for ensuring that we:
Have a unified approach to managing information security risk
Properly understand our compliance obligations
Know how we will meet our compliance obligations
Take a risk-focused approach to prioritizing our information security initiatives
Can demonstrate the efficacy of our risk management and compliance efforts
As a Security Compliance and Assurance Manager you will work closely with the Manager of the Security Governance, Risk and Compliance function, the Chief Information Security Officer and our other information security professionals to make sure that our information security program achieves these goals.
To succeed, you will need to be an experienced information security professional. You will have a nuanced understanding of cybersecurity compliance obligations and a pragmatic approach to implement them. You will be able to help our team and our partners to map a path that manages their compliance obligations whilst enabling them to achieve their business objectives.
Finally, you will need to help us to continue building a great team culture, and to have a laugh along the way.
Security Compliance & Assurance
Work with the Security GRC Manager to develop and implement a Global Security Compliance Program;
Own compliance certification programs for new applicable standards and legislation such as SOC 2, ACH, HIPAA;
Coordinate or participate in compliance certification audits;
Conduct regular assessments and Internal audits to collect key evidence and show the ongoing efficacy of our information security program;
Help us with our goal of being able to continuously demonstrate compliance with our control framework.
Work with the Security GRC Manager to develop and implement a Global Security Policies Framework;
Work with other stakeholders around security and around our business to build compliance artifact generation and collection into their day-to-day activities;
Work with our other information security experts to create a unified approach to managing compliance obligations.
Help integrate security compliance into Afterpay’s International expansion efforts
Life on the rocketship is exciting! Our rapid growth means you will need to be enthusiastic, flexible, tolerant and resilient. In addition you’ll be:
Self-driven - We afford our team members a lot of autonomy. Our style is to agree on a set of goals and metrics up front and to empower people to get their jobs done.
Creative - We value team members who are able to find smart ways to balance risk and requirement. We aren’t a team that dogmatically follows established security practices.
Technical - Our security function has a high-level technical knowledge. We use this knowledge to help us provide more nuanced and actionable advice to our stakeholders.
Disciplined - Delivering against our goals requires someone who is able to keep themselves honest and to continue to move forward regardless of what is happening around them.
Flexible - The only constant at Afterpay is change. Enjoying work means that you will have to embrace change and be willing to try new things to see if they work.