Security GRC Specialist

Employment Hero
Summary
Join Employment Hero as our Security GRC Specialist and play a key role in shaping our information security management strategy. You will operate our information security management system, develop and execute a holistic information security strategy, write and maintain information security policies, and support the improvement of our cybersecurity capabilities. This role requires staying current on cybersecurity threats and trends, collaborating with internal stakeholders, responding to compliance audit requests, conducting internal audits, and implementing security tools and systems. You will work remotely with flexibility to manage your time and impact. Employment Hero offers access to cutting-edge tools, a collaborative environment, ESOPs, and a wide range of benefits including generous paternity leave, subsidized egg freezing, a WFH office expense budget, and excellent learning and development opportunities.
Requirements
- A degree in information technology, information security, risk management, or equivalent work experience
- Demonstrated knowledge and understanding of contemporary frameworks and methodologies, such as ISO 27001, SOC2, NIST 800-53, NIST Cyber Security Framework (CSF), and Australian Information Security Manual (ISM)
- Excellent written, oral, and influencing skills with the ability to work autonomously
- A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively
- Broad knowledge of current Governance, Risk and Compliance (GRC) technological tools and methodologies
- Strong consultative skills, enabling effective communication of complex concepts to both technical and non-technical audiences
- Meticulous attention to detail
- A strong desire to learn and expand knowledge in the field of information security
Responsibilities
- Operate the information security management system across Employment Hero
- Develop and execute a holistic information security strategy that aligns with the company's objectives and effectively mitigates cyber threats
- Write and maintain information security policies to ensure compliance and the protection of sensitive data
- Support the improvement and management of our cybersecurity capabilities
- Stay up to date with the latest cybersecurity threats, trends, and technologies, and proactively recommend enhancements to the company's security posture
- Collaborate with internal stakeholders, including IT, product, legal, and engineering teams, to identify security requirements and implement appropriate controls and safeguards
- Respond to compliance audit requests and demonstrate a strong understanding of compliance frameworks and regulations such as ISO 27001 and SOC2
- Conduct internal audits and provide recommendations to key stakeholders based on findings
- Implement and maintain security tools and systems to ensure optimal performance and address evolving threats
Preferred Qualifications
- Industry certifications such as CISSP, CISM or CISA are highly desirable
Benefits
- You will work remotely, with the flexibility to own your time and impact
- You will access cutting-edge tools to amplify your work, knowledge and outputs
- You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
- You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
- You’ll also have access to a wide range of benefits that include: a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities