Security Risk and Compliance Specialist

Posted 10 Days Ago
Be an Early Applicant
Wellington
Hybrid
Mid level
Cloud • Fintech • Information Technology • Machine Learning • Software
Xero’s online accounting software connects small business owners with their numbers, their bank, and advisors anytime.
The Role
The Security Risk and Compliance Specialist at Xero will assess security threats, ensure compliance with relevant regulations, and support product teams in threat modeling. The role involves conducting risk assessments for internal and third-party software, documenting risks, and proposing strategies to mitigate emerging security threats while fostering awareness of security risk within the organization.
Summary Generated by Built In

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 


At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.


About the role


The Security Risk and Compliance Specialist will bring their experience to a team working with all parts of the business to improve Xero’s security risk and compliance posture, to reduce the risk of security incidents and improve the efficiency and effectiveness of Xero’s security controls.

What you'll do

  • Support contributors across Xero in conducting risk assessments to identify potential security threats and vulnerabilities, and evaluate security risks across all areas of Xero’s business, including product and technology, and third party software and services, to ensure these are well understood and managed within Xero’s risk tolerance. 
  • Ensure security compliance obligations with applicable laws, regulations and standards such as ISO 27001, SOC 2, PCI-DSS or other international or regional frameworks, are understood and met across Xero. 
  • Support product teams in performing threat modeling of new/updated product features. 
  • Perform risk assessments for Ecosystem partners and third party suppliers, ensuring that security risks are assessed and understood prior to, and during the engagement with the third party. 
  • Using the security risk management framework, ensure risks are documented, quantified, owned, communicated and escalated as appropriate across Xero. 
  • Provide input to responses to customer and supplier security assessments. 
  • Monitor and assess emerging security threats that could affect Xero, and propose strategies to mitigate them.
  • Support process improvement and automation using technical skills and experience.
  • Foster cross-disciplinary understanding of security risk and compliance and raise awareness of risk 

What success looks like

  • Changes to Xero’s product and corporate infrastructure are in compliance with the IT Security Policy and standards and meet Xero’s compliance obligations. 
  • Risks are identified and managed according to Xero’s risk appetite, in a timely manner and in alignment with business objectives.
  • Security assessments are completed and documented for all new third party software and technology services. 
  • Audits and other compliance assessment activities are completed successfully, and compliance is maintained with required standards. 
  • Management has timely and appropriate visibility of Xero’s security risk status. 

What you'll bring

  • 3+ years in a role in an information security and risk management practice
  • Experience with ISO27001:2022, SOC 2 Type 2 or PCI-DSS compliance frameworks
  • Recognised as a high performer and leading contributor in your team.
  • Experience working with AI and data to drive automation.

Please note:

We will be observing a holiday shutdown period, during which there may be delays in our recruitment process, including responses and updates. We’ll resume full operations in the week commencing 13th January. Thank you for your patience and understanding.


Why Xero? 

Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, free medical insurance, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.

Top Skills

Iso 27001
Pci-Dss
Soc 2

What the Team is Saying

Rose
Sophia
The Company
HQ: Wellington
4,700 Employees
Hybrid Workplace
Year Founded: 2006

What We Do

Xero is a global small business platform with 3.95 million subscribers which includes a core accounting solution, payroll, workforce management, expenses and projects. Xero also has an extensive ecosystem of connected apps and connections to banks and other financial institutions helping small businesses access a range of solutions from within Xero’s open platform to help them run their business and manage their finances.

Why Work With Us

Xero is not like most companies. When you join Xero, you become part of something beautiful —a global community of people who are passionate about making an impact on the world. It’s a place where you can truly be yourself and find success in a way that’s meaningful to you.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Xero Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQWellington, NZ
Singapore
Denver, CO
London, GB
New York, NY
Company Office Image
San Mateo, CA
Sydney, NSW
Toronto, Ontario
Learn more

Similar Jobs

Xero Logo Xero

Team Lead - Security Engineering (Identity and Access Management)

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
Wellington, NZL
4700 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account