Governance Risk and Compliance Specialist
AU - VIC
Applications have closed
Airwallex
Grow your business faster with Airwallex - global business accounts, high speed transfers, multi-currency cards, online payments, embedded finance, and more.Established in 2015 in Melbourne, our purpose is to connect entrepreneurs, business builders, makers and creators with opportunities in every corner of the world. Today, Airwallex has a global footprint across Asia-Pacific, Europe, and North America.
Your role
As a Governance Risk and Compliance Specialist here at Airwallex, you will be a trusted member of the Information Security team and work closely with senior leadership regarding regulatory compliance, data privacy and other aspects of financial risk and governance.
Reporting directly to the Vice President of IT and INFOSEC, this role will see you being a critical part of Airwallex, helping to identify key information security risks to the organisation as well as designing proactive and preventative mitigation strategies through the development and management of information security policies and standards.
This is a dynamic and autonomous role that sees compliance as a problem to solve, rather than a function and requires experience in designing and implementing GRC related projects, including developing and managing policies and standards related to the security of our networks, systems and applications.
What you'll be doing
- Implement risk assessment framework and program that aligns to regulatory requirements, ensuring documented and sustainable compliance which enables business outcomes.
- Evaluate risks and co-develop security standards and policies to manage information security risks.
- Develop guidelines, checklists, and other resources to help non-technical employees understand information security requirements.
- Implement processes to automate and continuously monitor information security controls, exceptions, risks, and testing. Co-develop and maintain reporting metrics, dashboards, and evidence artefacts for the internal reporting and technology risk committee.
- Partner with the Data Privacy team to establish roles and responsibilities for data protection and privacy.
- Provide support to all stakeholders on internal and external audits, third party vendor and partner reviews, and regulator questionnaires.
- Perform and investigate internal and external information security risk and exceptions assessments. Identify and document gaps in the risk register, tracking the risk, mitigations, owner, etcMaintain and advise other stakeholders and participants on the context, structure, and operations of technology risk committee meetings and reporting.
- Review implementation of technical controls to ensure compliance with regulators and partners.
- Implement traceability of policies to help stakeholders and employees understand the source and scope of requirements
What you'll bring
- A passion for solving the complex challenges of high-growth startups.
- Self motivation and drive to learn new skills, or dive deeper into existing skills.A high level security degree or certification such as a MSc in Cybersecurity or similar. CISSP, CISA, CISM, ISO 27001 is highly desired.
- 3-4 years experience in Financial Services or Payments roles.
- Strong familiarity with Information Security concepts, practices, and solutions.
- Deep knowledge of relevant compliance, regulatory and control frameworks including PCI-DSS, ISO 27001, SOC2 and similar standards.
- Experience in Risk Management including the design and implementation of processes to identify, manage and mitigate information security risks.
- Working knowledge of and experience in the policy and regulatory environment of information security.
- Technical experience in cybersecurity operations to understand, incorporate and communicate technical aspects into the role.
- Understanding of cloud platform and application security.
- Published articles, journals or blogs related to cybersecurity.
Life at Airwallex:💸We commit to industry-leading salaries and rewards 💲We share our business success through every employee receiving equity💻 Flexible working available, plus two epic working spaces in the heart of Melbourne and Sydney🥗On-site snacks, think fully stocked fridges, beers, ice-creams and catered social lunches🧘Access to our mental wellness platform to provide personalised, private support, including coaching and EAP sessions🎂 Enjoy a paid day off on your birthday to celebrate YOU👪Generous parental leave, baby bonding leave, and pregnancy loss leaves💵Paid community and volunteer leave 💸Generous Employee Referral Program rewards for referring top talent✈️ Explore the world - You have the opportunity to work from anywhere in the world for up to 3 months each year🦄 Accelerate your career - We've reached consistent unicorn status and our people are a huge part of this. Airwallex is the place where you can grow to your full potential, with more than a third of our Australian team promoted last year
Airwallex is proud to be an equal opportunity employer. We value diversity and anyone seeking employment at Airwallex is considered based on merit, qualifications, competence and talent. We don’t regard colour, religion, race, national origin, sexual orientation, ancestry, citizenship, sex, marital or family status, disability, gender, or any other legally protected status. If you have a disability or special need that requires accommodation, please let us know.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits Banking CISA CISM CISSP Cloud Compliance FinTech Governance ISO 27001 Privacy Risk assessment Risk management SOC 2
Perks/benefits: Career development Flex hours Parental leave
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Engineer jobs
- Open Senior Cyber Security Specialist jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs