Security Risk and Compliance Specialist

Summary

Join Xero as a Security Risk and Compliance Specialist and contribute to enhancing the company's security posture. You will work with cross-functional teams to perform gap analyses, identify integration requirements, and remediate security risks. This role focuses on Xero's Mergers and Acquisitions portfolio, requiring collaboration with subsidiaries on audits and compliance. You will support risk assessments, ensure compliance with standards like ISO 27001 and SOC 2, and monitor emerging threats. The ideal candidate possesses 3+ years of experience in information security and risk management, familiarity with relevant compliance frameworks, and strong stakeholder management skills. Xero offers a comprehensive benefits package including generous paid leave, mental health support, private medical insurance, and flexible working.

Requirements

• 3+ years in a role in an information security and risk management practice
• Experience with ISO27001:2022, SOC 2 Type 2 or PCI-DSS compliance frameworks
• Recognised as a high performer and leading contributor in your team
• Demonstrated ability to manage stakeholders with diverse priorities and expectations
• Able to communicate effectively to a wide range of people

Responsibilities

• Work with cross-functional and technical teams to perform and support gap analyses, identify integration requirements and security uplift opportunities, and perform integration and remediation work to ensure alignment with desired security outcomes
• Contribute to the maintenance and continual improvement of artefacts pertaining to M&A Security work streams, ensuring alignment with all industry regulations, standards, and compliance requirements
• Collaborate with subsidiaries on audit preparation, control scope and ownership, and remediation of findings to provide clarity and ensure successful compliance outcomes, dependent on integration model
• Demonstrate effective project management working collaboratively across Xero and its subsidiaries
• Support contributors across Xero and its subsidiaries in conducting risk assessments to identify potential security threats and vulnerabilities, and evaluate security risks across all areas of Xero’s broader enterprise to ensure these are well understood and managed within Xero’s risk tolerance
• Ensure security compliance obligations with applicable laws, regulations and standards such as ISO 27001, SOC 2, PCI-DSS or other international or regional frameworks, are understood and met across Xero and its subsidiaries
• Monitor and assess emerging security threats and compliance requirements that could impact Xero and/or its subsidiaries, and propose strategies to address them
• Support process improvement and automation using technical skills and experience
• Foster cross-disciplinary understanding of security risk and compliance and raise awareness of risk and compliance concerns as a key consideration of product development

Preferred Qualifications

Experience working with Mergers and Acquisitions is desirable

Benefits

• Very generous paid leave to use however you’d like (plus statutory holidays!)
• Dedicated paid leave to care for your physical and mental wellbeing
• An Employee Assistance Program to access mental health care for you and your family
• Private medical insurance
• Gym passes
• Employee resource groups
• 26 weeks of paid parental leave for primary caregivers
• An Employee Share Plan
• Beautiful offices
• Flexible working