Security Governance, Risk, and Compliance Manager

Employment Hero

📍Remote - Australia

Summary

Join Employment Hero, a rapidly growing tech company, as their Security GRC Manager and lead the Global Security GRC Team. You will be responsible for shaping the information security management strategy, ensuring the company is at the forefront of information security excellence. This role involves leading and managing a team of Security GRC professionals, developing and driving the organization's information security and GRC strategy, overseeing governance, risk, and compliance processes, conducting audits and compliance reporting, developing and enforcing security policies, collaborating with stakeholders, leading risk assessments, managing security incidents, providing security training, and driving continuous improvement and innovation.

Requirements

  • A degree in information technology, information security, risk management, or equivalent work experience
  • Proven ability to lead and manage a team, with strong consultative, written, and verbal communication skills
  • Ability to influence stakeholders at all levels of the organization
  • Demonstrated knowledge and understanding of contemporary frameworks and methodologies, such as ISO 27001, NIST 800-53, SOC2
  • Excellent written, oral, and influencing skills with the ability to work autonomously
  • A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively
  • Broad knowledge of current Governance, Risk and Compliance (GRC) technological tools and methodologies
  • Strong consultative skills, enabling effective communication of complex concepts to both technical and non-technical audiences
  • Meticulous attention to detail
  • A strong desire to learn and expand knowledge in the field of information security

Responsibilities

  • Lead and manage a team of Security GRC professionals, providing guidance, mentorship, and support in their professional development
  • Develop and drive the organisation's overarching information security and GRC strategy, ensuring alignment with business objectives and proactive mitigation of security risks
  • Oversee the design, implementation, and continuous improvement of security governance processes, risk management frameworks, and compliance programs to ensure robust risk mitigation and regulatory compliance (e.g. ISO 27001, SOC 2)
  • Lead internal and external security audits, ensuring the organisation meets compliance requirements and deadlines
  • Coordinate with auditors and facilitate the audit process, addressing gaps and driving remediation efforts based on audit findings
  • Ensure timely preparation and management of audit documentation and evidence
  • Establish and maintain high-level information security policies, procedures, and standards
  • Ensure that they are effectively enforced and aligned with industry best practices and compliance requirements
  • Serve as the primary liaison between internal stakeholders (IT, legal, compliance, product, engineering) to ensure effective implementation of security and risk initiatives and promote a culture of security across the organisation
  • Lead regular risk assessments, audits, and vulnerability assessments
  • Provide strategic recommendations to senior leadership based on findings and industry best practices
  • Oversee and guide the response to security incidents, ensuring rapid remediation, effective communication, and root cause analysis
  • Foster a security-conscious culture by developing and delivering security training programs, ensuring that employees at all levels understand their role in maintaining information security
  • Stay current with emerging trends in information security, governance, and compliance
  • Recommend and implement continuous improvements to enhance security practices and safeguard the organisation’s data and assets
  • Ensure the company meets compliance requirements and audit deadlines
  • Prepare and manage compliance documentation, working with external auditors when necessary

Preferred Qualifications

Industry certifications such as CISSP, CISM or CISA are highly desirable

Benefits

  • You will work remotely, with the flexibility to own your time and impact
  • You will access cutting-edge tools to amplify your work, knowledge and outputs
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
  • A very generous paternity leave policy
  • Subsidised egg freezing
  • A WFH office expense budget
  • Outstanding learning & development opportunities
