Team Lead Engineering - Security Governance & Data Protection

Xero

📍Remote - Australia, New Zealand

Summary

Join Xero as a Team Lead Engineering - Security Governance & Data Protection and lead two critical security teams: Governance and Data Protection. The Governance team ensures robust Identity Governance, automates compliance processes, and streamlines Continuous Assurance. The Data Protection team focuses on implementing and managing DLP controls as part of Xero’s SASE program. You will drive a risk-based, automation-first approach to security governance and compliance, enabling Xero to scale security operations efficiently and ensure data security as the business grows. You will lead and expand Identity Governance capabilities, oversee the Identity Management Engine, and collaborate with stakeholders to align security governance with business objectives. You will also lead the Data Protection team, focusing on DLP controls to protect sensitive data. This role requires strong expertise in Security Governance, Identity Governance, Compliance Automation, and Data Protection, as well as experience leading teams and fostering a culture of security enablement.

Requirements

  • Strong expertise in Security Governance, Identity Governance, Compliance Automation, and Data Protection
  • Coach & mentor – Utilising software delivery, technical experience and expertise, offer the right knowledge, at the right time in the right way – understanding why and how people learn
  • Growth mindset – Understand that competency is not fixed but is enhanced through dedication and hard work. Demonstrate a love of learning and resilience to adversity that is essential for great accomplishment
  • High EQ – Self-aware, self-regulated, motivated and empathetic, with great interpersonal skills
  • Leading/living the vision & values – Build and foster an inclusive and positive team culture. Keep the team’s vision and values at the forefront of decision-making
  • Communicate and help others understand the importance of the vision and values. Translate the vision and values into day-to-day activities and behaviors
  • Have a good understanding of the importance of Xero's Engineering standards and practices and be able to coach teams to adhere to them
  • People Leadership – Demonstrate honesty and integrity. Provide clear objectives, guide career development and foster an inclusive environment that promotes psychological safety and teamwork. Clearly communicate expectations. Have an open mind and the flexibility to change opinions. Develop and support others
  • Teamwork – Work with peers and stakeholders to establish an overall collaborative relationship
  • Outstanding communication and time management skills
  • Experience implementing and managing Identity Governance solutions (e.g., user access reviews, provisioning automation)
  • Experience leading Data Protection initiatives, including DLP implementations in cloud and hybrid environments
  • Strong knowledge of SASE, Zero Trust, and cloud security principles, ensuring security is scalable and frictionless
  • Experience in security automation, leveraging tools and platforms to reduce manual effort and improve security efficiency
  • Proven track record of leading teams to deliver high-quality software in a fast-paced environment, leveraging Lean-Agile techniques, while managing competing priorities and ensuring alignment with strategic goals
  • Excellent grasp of modern software delivery practices and life cycle
  • Proven ability to balance the needs of the individual with the needs of the business
  • Experience with coaching and mentoring
  • Strong stakeholder management skills, with the ability to influence without authority and align security priorities with business needs
  • Passion for developer enablement, making security accessible and empowering engineers to write secure code

Responsibilities

  • Lead and expand Identity Governance capabilities, ensuring scalable and efficient user access reviews, provisioning, and entitlements management across AWS and GCP
  • Oversee the Identity Management Engine, ensuring it meets business needs while enabling self-service access control for teams
  • Work with security architects and engineering teams to improve access governance, least privilege enforcement, and automated identity lifecycle management
  • Collaborate with internal stakeholders to ensure alignment between security governance, compliance, and business objectives
  • Develop and implement Continuous Assurance capabilities, automating security controls to support ISO, SOC2, and other regulatory attestations
  • Work with compliance and security teams to streamline audit processes, reducing the manual effort required for security certifications
  • Establish automated security evidence collection for compliance reporting and stakeholder visibility
  • Lead the Data Protection team, focusing on Data Loss Prevention (DLP) controls to protect sensitive data across Xero’s environments
  • Ensure DLP policies are aligned with business needs, balancing security requirements with productivity
  • Work closely with the SASE program team to integrate data security policies into Xero’s cloud and network security architecture
  • As required, lead, develop, and grow a high-performing team by providing coaching, mentorship, and setting a clear direction by connecting the work they do to the Technology and Xero’s strategic objectives
  • Foster a culture of security enablement, where developers and engineers feel supported in building secure products
  • Collaborate with cross-functional teams, ensuring governance and data security initiatives support Xero’s broader security and business strategies
  • Champion continuous improvement, leveraging industry best practices and emerging trends to refine security approaches
  • Promote a culture of psychological safety and inclusion, ensuring all team members feel empowered to contribute and raise concerns
  • Successfully manages and expands Identity Governance capabilities based on product requirements, ensuring access reviews and provisioning are efficient, scalable, and automated
  • Ensures AWS and GCP access management is aligned with least privilege and zero trust principles
  • Implements automation to reduce the operational burden of identity governance and compliance
  • Delivers a Continuous Assurance framework, significantly reducing manual work for ISO and SOC2 attestations
  • Automates compliance evidence collection, making audit and security certifications faster and more efficient
  • Provides clear visibility into security control effectiveness through data-driven insights
  • Successfully deploys DLP controls as part of the SASE program, ensuring proactive data security policies
  • Works closely with security operations and risk teams to monitor and mitigate data security threats
  • Establishes effective incident response processes for data protection violations
  • Clearly understand how their work contributes to Xero’s security and business success
  • Clearly understand their areas of development and their personal growth. Feel supported in their career growth and technical development
  • Actively collaborate with engineering teams, breaking down silos and fostering a culture of shared security responsibility
  • Are empowered and challenged to do their best work and their skills are continuously being developed through new learnings and experiences
  • Contribute to security knowledge-sharing across Xero, empowering product teams to take ownership of security within their domains
  • Are recognised and celebrated for good performance, and effectively managed when performing poorly
  • Are supported to produce the best work of their lives by your understanding and ability to remove barriers
