Lead Security Governance, Risk and Compliance Specialist
Wellington, NZ
Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.
At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.
As the Lead Security Governance, Risk and Compliance Specialist you will collaborate with all parts of the business to improve Xero’s security GRC posture, to ensure Xero maintains its attestations (ISO27001, SOC2 type 2, PCIDSS) and support Xero in being the most trusted small business platform.
The Lead Security Governance, Risk and Compliance Specialist is a leadership role within the Security Assurance area and within the Security Risk team and will work closely with the Xero Product Managers and wider Xero Security teams to ensure technical roadmaps meet all security regulations. You will proactively explore any changes to security regulatory requirements and document and discuss proposals on how to ensure Xero can stay ahead of these requirements.
You will also work closely with the Security Risk and Compliance Team Leader to ensure that the team plans and prioritises in line with developments across the broader GRC space, and that all Security Risk team members receive the appropriate coaching and mentoring so that the team proactively maintains and develops Xero’s ability to deliver against all security regulatory requirements.
- #Challenge: Xeros dream big, lead and embrace change
- #Beautiful: Xeros create experiences that people love
- #Team: Xeros are awesome team players
- #Ownership: Xeros deliver on our commitments
- #Human: Xeros are authentic, inclusive and really care
Xero is a Rainbow Tick certified employer.
Xero strongly encourages employees and contractors to be vaccinated against COVID-19 in order to work from a Xero office, or engage in any face-to-face Xero business.
Please include a cover letter in your application, telling us why you’re a great fit for this position.
What you'll do:
- Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero.
- Proactively research and investigate changes to all security regulatory and contractual requirements, including resilience and business continuity.
- Maintain the Xero Information Security Management System (ISMS).
- Ensure that ISMS documentation keeps up to speed with the changing threat and compliance landscape, and is approved and communicated across Xero.
- Document and establish the attestation structure and processes across Xero, including the varied ways different acquisitions can be incorporated into Xero’s ISO27001 certification structure and potential SOC2 report.
- Establish a plan for when the approved certification structure may not be appropriate for new Xero organizations, and document a proposed transition.
- Maintain the process and documentation for Partner/Bank assurance requests and roll it out globally to remove toil for the Security Risk and Compliance team as a result of requests.
- Respond to assurance requests from Partners and Banks we integrate with, including RFP responses for new engagements.
- Keep informed as to emerging security threats that have the potential to impact Xero and recommend mitigating strategies.
- Provide measurement and reporting of Xero’s compliance position suitable for various levels of Xero’s leadership.
- Coach and mentor other team members to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.
- Mentor product team members from other disciplines about security compliance concerns as a key consideration of product development.
What you'll bring with you
- Previous experience in an information security governance, risk and compliance role.
- Previous experience implementing risk and information security management frameworks.
- Previously been recognised as a technical lead or senior contributor in your team.
- Excellent stakeholder management.
- Able to effectively communicate to a wide range of people.
- An innovative and positive team player with a “can do” attitude.
Job perks/benefits:
Career development
Job region:
Asia/Pacific
Job country:
New Zealand