Security Risk Analyst at Afterpay

Information Security, Permanent Full-time, Melbourne melbourne analytics full-time
Posted 19 days ago

Afterpay’s mission is to power an economy where everyone wins. It’s our security team’s job to ensure that our systems are worthy of  the trust of our consumers, merchants and partners.

To do that, we’re building and maintaining a company-wide culture that values information security, an effective information security program with a talented security team.

We are strong believers that the security team should not be the team of NOPE - instead, we believe that our job is to understand our partner’s goals and to work with them to achieve those goals. We can only achieve this if we make Afterpay  a great place for talented information security professionals to work.

We work hard to live our values as we believe they give us the best possible chance of achieving our goals.

We are partners - we understand the business and technical priorities and work to support them. We link our initiatives to the needs of the business
We are respected - we aim to build respect in each interaction by being subject matter experts, by communicating clearly and by being human
We are empathetic - we know that people have competing priorities and we try to put ourselves in their shoes
We are pragmatic - we’re making progress and not aiming for perfection
Our work is measurable - we focus on measuring our work so we can show the impact we’re having and so we can continually improve

We are looking for passionate colleagues to join the rocketship and help us build security into everything that Afterpay does in a way that doesn’t feel burdensome, bureaucratic or boring.

About the Opportunity

Managing information security risk is the core function of the information security team. Our Security Governance, Risk and Compliance (GRC) function is the glue that helps the rest of the information security team work consistently and collaboratively.

The Security GRC function is responsible for ensuring that we:

- Have a unified approach to managing information security risk
- Properly understand our compliance obligations
- Know how we will meet our compliance obligations
- Take a risk-focused approach to prioritizing our information security initiatives
- Can demonstrate the efficacy of our risk management and compliance efforts

As a Security Risk Analyst you will work closely with the Security GRC function and our other information security professionals to identify, assess and document security risks.

This role is perfect for someone who is passionate about growing a career in information security and who has entry-level experience in an information security related field.

You will be able to help our team and our partners to understand how to manage security risk whilst enabling them to achieve their business objectives.

Finally, you will help us to continue  building a great team culture, and to have a laugh along the way.

What you'll be doing:

- Support security risk assessments for third-parties that are onboarded
- Provide advice on contractual clauses to mitigate security risks and comply with applicable legislation
- Document, maintain and review the global third-party security risk register
- Support with the maintenance of the global security risk register
- Work with the Security GRC function to implement our Global Security Compliance Program

Who are you?

Life on the rocketship is exciting! Our rapid growth means you will need to be enthusiastic, flexible, understanding and resilient. In addition you’ll be:

Self-driven - We afford our team members a lot of autonomy. Our style is to agree on a set of goals and metrics up front and to empower people to get their jobs done.
Creative - We value team members who are able to find smart ways to balance risk and requirement. We aren’t a team that dogmatically follows established security practices.
Technical - Our security function has a high-level technical knowledge. We use this knowledge to help us provide more nuanced and actionable advice to our stakeholders.
Disciplined - Delivering against our goals requires someone who is able to keep themselves honest and to continue to move forward regardless of what is happening around them.

What are the perks?

We are a purpose-led, outperforming organisation and will reward you for your performance. We pride ourselves on fairness and offer a competitive total reward package made up of salary, incentives and benefits including the opportunity to enrol in our share matching plan.

We have a strong focus on health and wellbeing at Afterpay as we aim to support you to succeed in both your career and personal lives, such as providing employees with a corporate membership to Headspace. We also offer a generous parental leave policy and are proud to support working parents with up to 24 weeks of paid leave.

We value diversity and a collaborative and inclusive environment where everyone feels they belong is important to us.

How to Apply:

We don’t know what the future holds. That’s the exciting part; we show up and make it happen. If you’re brave, if you’re committed to doing the right thing and excited by this opportunity, click apply now!

Afterpay is continuing to hire for all open roles with all interviewing conducted virtually. Where possible and in line with DH Covid-19 restrictions, we are transitioning to in-office onboarding for all new starters on day one. Similarly, employees have started transitioning to 2 days per week in the office.