Risk & Compliance Analyst - Security GRC (Open to remote across ANZ)
Sydney, New South Wales, Australia
At Canva, we celebrate diversity. We deeply believe that bringing together diversity of thoughts, perspectives and expression is key to building the best product, team and company. We look for many different skills and abilities, as well as how you can enhance Canva and our culture. So, even if you don’t think you quite meet all of the skills listed or tick all the boxes, we’d still love to hear from you!
Our mission at Canva is to empower the world to design. Since launching in 2013, we have grown exponentially, amassing over 100 million monthly active users across 190 different countries and a team of over 3,000 people… and the best bit is that we’ve only achieved 1% of what we know we’re capable of.
Join us and design your future.
About the Risk & Compliance Analyst
At Canva, we want to ensure that we know and understand our security risks and our compliance obligations so that decision-makers throughout the organisation have the information that they need to make good risk decisions.
As a Security Risk & Compliance Analyst, you will be involved in a diverse range of risk management activities including consulting on projects and proposals, periodic risk reviews and internal and external audits. You will work with staff from across the organisation to identify and assess risks to Canva’s information assets as well as data that our customers have entrusted to us.
The successful candidate will have the option of being based out of our Sydney office, or being fully remote within Australia.
About the Security Group
The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Risk and Compliance, Threat Detection and Response, and Red Teams.
What you'll be doing!
- Working to improve the information that we record in our GRC tools.
- Working on projects to improve the quality of risk reporting.
- Working on vendor risk and security assessments.
- Working on customer security questionnaires.
- Actively contributing to other aspects of Canva’s information security management system.
- Knowledge of or previous exposure to information security risk management practices.
- Strong verbal and written communication skills.
- Ability to work alongside both technical and non-technical colleagues across all levels of an organisation.
- A high level of attention to detail.
- A continuous improvement mindset.
Beneficial experience (not required, but helpful!)
- Familiarity with common industry IT risk management and security certifications and standards (ISO 27001, SOC 2, PCI DSS, etc).
- Experience with Atlassian Jira and Confluence.
- Experience in software development or IT operations.
Our culture is unlike anywhere else and we design your #CanvaLife experience to empower you to do the best work of your life.
Whether you’re in the office, working from home or choosing your own adventure, our benefits for permanent Canvanauts include:
- Equity packages for you to truly be a part of the Canva journey.
- A hybrid work model (in-office & from home), with our offices always open to you, balancing flexibility and connection.
- Flexible leave so you can recharge, give back, support others or focus on your own professional development.
- Inclusive parental leave policy that supports all parents and carers throughout their parenting and caring journey.
- An annual Vibe & Thrive allowance. This is for you to spend on whatever will support your wellbeing and development, because you know what you need to Vibe and Thrive better than anyone.
- Virtual and in-office wellness benefits including Canva University, Employee Assistant Programs and Fitness & Meditation Classes.
- Canva For Good program matching your not-for-profit donations, Force for Good leave (3 paid volunteering days) and a range of sustainability and ethical initiatives to get involved in.
We make hiring decisions based on your experience, skills and passion. Please note that interviews are conducted virtually. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.