Head of Security Governance, Risk and Compliance at Secure Code Warrior

Security & Compliance, Full-Time, Sydney
Posted 1 month ago

Who's Secure Code Warrior?

We're a hyper-growth cyber-security company driven by our purpose of making the world's coders more secure.

With our online secure coding platform, we train and equip software developers to be the first line of defence in their organizations, empowering them to think and act with a security mindset every day. They want to ship secure code with confidence - and we give them the skills and knowledge to do it! 

With a recently secured US$48 million in Series B funding, and customers including some of the world's most well-known banks and telecommunications companies, we're now looking for the Marios to our Luigis, the pepper to our salt, and the Chewbaccas to our Han Solos to join our global team of Warriors.

The Head of Security, Governance, Risk and Compliance is responsible for assessing and documenting Secure Code Warrior’s compliance and risk posture to provide trust to our customers and community.
In this role, you will enable and transform the risk management, compliance and security capabilities.

SCW is investing in these areas to address the evolving cybersecurity threat landscape, as well as regulatory compliance requirements, as the company continues to grow. This role will work across multiple frameworks and regulatory standards including, but not limited to, ISO27k, GDPR, SOC2 and FedRAMP.

This individual will liaise with all business groups including but not limited to Finance, Legal, Product, Engineering, IT and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues. 

The role will also have responsibility for the implementation and ownership of a GRC system that will be used to further the automation of the program. 

Your role is critical to the business, as Secure Code Warrior is a cyber security company which stores and processes customer data in a cloud environment in several parts of the world.
SCW also develops tools that our customers install and use in their own environments.

It’s critical for our business to continually evaluate our security posture and to provide customers with the required assurance, certification and compliance evidence around our security controls.

We’re looking for someone to help us:

  • Work with the security Points of Contact within Product, Engineering and IT to define and maintain Information Security Policies and Information Security Standards
  • Identify and maintain proper documentation of security controls to facilitate customer security assessments and compliance questionnaires
  • Support the Sales organization globally as the security SME to interact with prospects' security teams
  • Security awareness: maintain and communicate our high standards around cyber security
  • Set up and monitor third-party security requirements for SCW’s suppliers, making sure we protect our customer data
  • Maintain up-to-date knowledge in the field of risk management and compliance to work efficiently on frameworks including ISO27k, GDPR, SOC2, FedRAMP, etc.
  • Supervise the internal ISO27001 certification (and re-certification) program.
  • Working closely with the Legal team, provide security and privacy (specifically GDPR) guidance and advisory for staff and projects.

We’d be particularly delighted to hire someone who has:

  • A strong passion and a pragmatic mindset for working in a cyber security product startup environment: someone who doesn’t let risk/security slow down the organisation but finds ways to enable staff to work in a secure manner
  • A desire to be at the cutting edge of cyber security, where Zero Trust networking, Context-Aware security and DevSecOps are encouraged by the CEO
  • Prepared, maintained or certified organisations in SOC2, FedRAMP or ISO27k, or been significantly involved in third-party risk assessments
  • Strong communication and great stakeholder management skills, with the ability to coach, manage stakeholders and work with executives who have thousands of priorities
  • The ability to turn security governance, risk and compliance into a business enabler rather than a prohibitor

Why Work at Secure Code Warrior

    You're joining us at an exciting stage in our journey, and are key to our future success. You’ll have the opportunity to create impact, deliver on your ideas, and use your spark, experience and expertise to help us live long and prosper.
    Warriors have full flexibility. We appreciate that you’ll do your best work when you’re rested and energized. With our business operating globally, there’s no 9-5 grind at Secure Code Warrior. You’re encouraged to work the days, times and in the way that suits you best. We also offer generous leave and work from home options so you can make work work for you.
    We’re a tight-knit team that values humility, diversity, giving back to the community and to each other. Giving back is key to being a Warrior, and we do what we can to make the world a little bit brighter as we work to make it more secure. 

    Diversity. Inclusion. They’re more than just words for us. They’re the hard-and-fast principles guiding how we build our teams, cultivate leaders and create a company where every single person feels safe and celebrated. We have a global, multicultural following, and we want to reflect that inside our walls and ensure people come as they are. We like it that way!
    Sound like a good fit? Apply Now