Security Risk and Compliance Specialist

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

The Security Risk and Compliance Specialist will bring their experience to a team working with all parts of the business to improve Xero’s security risk and compliance posture, to reduce the risk of security incidents and improve the efficiency and effectiveness of Xero’s security controls. This role has a focus on Xero’s Mergers and Acquisitions portfolio.

What you'll do

• Work with cross-functional and technical teams to perform and support gap analyses, identify integration requirements and security uplift opportunities, and perform integration and remediation work to ensure alignment with desired security outcomes.
• Contribute to the maintenance and continual improvement of artefacts pertaining to M&A Security work streams, ensuring alignment with all industry regulations, standards, and compliance requirements.
• Collaborate with subsidiaries on audit preparation, control scope and ownership, and remediation of findings to provide clarity and ensure successful compliance outcomes, dependent on integration model.
• Demonstrate effective project management working collaboratively across Xero and its subsidiaries.
• Support contributors across Xero and its subsidiaries in conducting risk assessments to identify potential security threats and vulnerabilities, and evaluate security risks across all areas of Xero’s broader enterprise to ensure these are well understood and managed within Xero’s risk tolerance. 
• Ensure security compliance obligations with applicable laws, regulations and standards such as ISO 27001, SOC 2, PCI-DSS or other international or regional frameworks, are understood and met across Xero and its subsidiaries. 
• Monitor and assess emerging security threats and compliance requirements that could impact Xero and/or its subsidiaries, and propose strategies to address them.
• Support process improvement and automation using technical skills and experience.
• Foster cross-disciplinary understanding of security risk and compliance and raise awareness of risk and compliance concerns as a key consideration of product development.

What you'll bring with you

• 3+ years in a role in an information security and risk management practice
• Experience with ISO27001:2022, SOC 2 Type 2 or PCI-DSS compliance frameworks
• Recognised as a high performer and leading contributor in your team.
• Experience working with Mergers and Acquisitions is desirable.
• Demonstrated ability to manage stakeholders with diverse priorities and expectations.
• Able to communicate effectively to a wide range of people

Why Xero?

Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, private medical insurance, gym passes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.