Lead Security Governance, Risk and Compliance Specialist
Wellington, NZ
Xero
Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.
At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.
As the Lead Security Governance, Risk and Compliance Specialist you will collaborate with all parts of the business to improve Xero’s security GRC posture, to ensure Xero maintains its attestations (ISO27001, SOC2 type 2, PCIDSS) and support Xero in being the most trusted small business platform.
The Lead Security Governance, Risk and Compliance Specialist is a leadership role within the Security Assurance area and within the Security Risk team and will work closely with the Xero Product Managers and wider Xero Security teams to ensure technical roadmaps meet all security regulations. You will proactively explore any changes to security regulatory requirements and document and discuss proposals on how to ensure Xero can stay ahead of these requirements.
You will also work closely with the Security Risk and Compliance Team Leader to ensure that the team plans and prioritises in line with developments across the broader GRC space, and that all Security Risk team members receive the appropriate coaching and mentoring so that the team proactively maintains and develops Xero’s ability to deliver against all security regulatory requirements.
- #Challenge: Xeros dream big, lead and embrace change
- #Beautiful: Xeros create experiences that people love
- #Team: Xeros are awesome team players
- #Ownership: Xeros deliver on our commitments
- #Human: Xeros are authentic, inclusive and really care
Xero is a Rainbow Tick certified employer.
Xero strongly encourages employees and contractors to be vaccinated against COVID-19 in order to work from a Xero office, or engage in any face-to-face Xero business.
Please include a cover letter in your application, telling us why you’re a great fit for this position.
What you'll do:
- Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero.
- Proactively research and investigate changes to all security regulatory and contractual requirements, including resilience and business continuity.
- Maintain the Xero Information Security Management System (ISMS).
- Ensure that ISMS documentation keeps up to speed with the changing threat and compliance landscape, and is approved and communicated across Xero.
- Document and establish the attestation structure and processes across Xero, including the varied ways different acquisitions can be incorporated into Xero’s ISO27001 certification structure and potential SOC2 report.
- Establish a plan for when the approved certification structure may not be appropriate for new Xero organizations and document a proposed transition.
- Maintain the process and documentation for Partner/Bank assurance requests and roll it out globally to remove toil for the Security Risk and Compliance team as a result of requests.
- Respond to assurance requests from Partners and Banks we integrate with, including RFP responses for new engagements.
- Keep informed as to emerging security threats that have the potential to impact Xero and recommend mitigating strategies.
- Provide measurement and reporting of Xero’s compliance position suitable for various levels of Xero’s leadership.
- Coach and mentor other team members to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.
- Mentor product team members from other disciplines about security compliance concerns as a key consideration of product development.
What you'll bring with you
- Previous experience in an information security governance, risk and compliance role
- Previous experience implementing risk and information security management frameworks.
- Previously been recognised as a technical lead or senior contributor in your team.
- Excellent stakeholder management.
- Able to effectively communicate to a wide range of people.
- An innovative and positive team player with a “can do” attitude.
Tags: Compliance Governance ISMS ISO 27001 PCI DSS SOC 2
Perks/benefits: Career development
Region: Asia/Pacific
Country: New Zealand