Security GRC Specialist

Employment Hero
Summary
Join Employment Hero as our Security GRC Specialist and play a pivotal role in shaping our information security management strategy. You will operate our information security management system, develop and execute a holistic information security strategy, and write and maintain information security policies. This role involves collaborating with various teams, responding to compliance audit requests, conducting internal audits, and implementing security tools. You will need a degree in a relevant field or equivalent experience, along with strong communication and problem-solving skills. Employment Hero offers remote work flexibility, cutting-edge tools, a supportive team environment, ESOPs, and a generous benefits package including parental leave, subsidized egg freezing, and learning and development opportunities.
Requirements
- A degree in information technology, information security, risk management, or equivalent work experience
- Excellent written, oral, and influencing skills with the ability to work autonomously
- A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively
- Meticulous attention to detail
- A strong desire to learn and expand knowledge in the field of information security
Responsibilities
- Operate the information security management system across Employment Hero
- Develop and execute a holistic information security strategy that aligns with the company's objectives and effectively mitigates cyber threats
- Write and maintain information security policies to ensure compliance and the protection of sensitive data
- Support the improvement and management of our cyber security capabilities
- Stay up to date with the latest cybersecurity threats, trends, and technologies, and proactively recommend enhancements to the company's security posture
- Collaborate with internal stakeholders, including IT, product, legal, and engineering teams, to identify security requirements and implement appropriate controls and safeguards
- Respond to compliance audit requests and demonstrate a strong understanding of compliance frameworks and regulations such as ISO 27001 and SOC 2
- Conduct internal audits and provide recommendations to key stakeholders based on findings
- Implement and maintain security tools and systems to ensure optimal performance and address evolving threats
Preferred Qualifications
- Industry certifications such as CISSP, CISM or CISA
- Demonstrated knowledge and understanding of contemporary frameworks and methodologies, such as ISO 27001, SOC 2, NIST SP 800-53, the NIST Cyber Security Framework (CSF), and the Australian Information Security Manual (ISM)
- Broad knowledge of current Governance, Risk and Compliance (GRC) technological tools and methodologies
- Strong consultative skills, enabling effective communication of complex concepts to both technical and non-technical audiences
Benefits
- You will work remotely, with the flexibility to own your time and impact
- You will access cutting-edge tools to amplify your work, knowledge and outputs
- You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
- You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
- A very generous paternity leave policy
- Subsidised egg freezing
- A WFH office expense budget
- Outstanding learning & development opportunities