Security Risk and Compliance Specialist

Summary

Join Xero's Security Risk and Compliance team as a Security Risk and Compliance Specialist, focusing on the Mergers and Acquisitions portfolio. You will work with cross-functional teams to improve Xero's security risk and compliance posture. Responsibilities include performing gap analyses, identifying integration requirements, ensuring alignment with security outcomes and industry regulations, collaborating with subsidiaries on audits, conducting risk assessments, and monitoring emerging threats. The role requires 3+ years of experience in information security and risk management, experience with specific compliance frameworks (ISO27001:2022, SOC 2 Type 2, or PCI-DSS), and strong stakeholder management skills. Xero offers generous paid leave, wellbeing benefits, referral bonuses, parental leave, an employee share plan, flexible working, and career development opportunities.

Requirements

• 3+ years in a role in an information security and risk management practice
• Experience with ISO27001:2022, SOC 2 Type 2 or PCI-DSS compliance frameworks
• Recognised as a high performer and leading contributor in your team
• Demonstrated ability to manage stakeholders with diverse priorities and expectations
• Able to communicate effectively to a wide range of people

Responsibilities

• Work with cross-functional and technical teams to perform and support gap analyses, identify integration requirements and security uplift opportunities, and perform integration and remediation work to ensure alignment with desired security outcomes
• Contribute to the maintenance and continual improvement of artefacts pertaining to M&A Security work streams, ensuring alignment with all industry regulations, standards, and compliance requirements
• Collaborate with subsidiaries on audit preparation, control scope and ownership, and remediation of findings to provide clarity and ensure successful compliance outcomes, dependent on integration model
• Demonstrate effective project management working collaboratively across Xero and its subsidiaries
• Support contributors across Xero and its subsidiaries in conducting risk assessments to identify potential security threats and vulnerabilities, and evaluate security risks across all areas of Xero’s broader enterprise to ensure these are well understood and managed within Xero’s risk tolerance
• Ensure security compliance obligations with applicable laws, regulations and standards such as ISO 27001, SOC 2, PCI-DSS or other international or regional frameworks, are understood and met across Xero and its subsidiaries
• Monitor and assess emerging security threats and compliance requirements that could impact Xero and/or its subsidiaries, and propose strategies to address them
• Support process improvement and automation using technical skills and experience
• Foster cross-disciplinary understanding of security risk and compliance and raise awareness of risk and compliance concerns as a key consideration of product development

Preferred Qualifications

Experience working with Mergers and Acquisitions is desirable

Benefits

• Offering very generous paid leave to use however you’d like (plus statutory holidays!)
• Dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family
• Cash referral bonuses
• Employee resource groups
• 26 weeks of paid parental leave for primary caregivers
• An Employee Share Plan
• Beautiful offices with snacks, coffee, and spaces for you to take a break
• Flexible working
• Career development