Security Risk and Compliance Specialist

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

About the role

The Security Risk and Compliance Specialist will bring their experience to a team working with all parts of the business to improve Xero’s security risk and compliance posture, to reduce the risk of security incidents and improve the efficiency and effectiveness of Xero’s security controls.

What you'll do

• Support contributors across Xero in conducting risk assessments to identify potential security threats and vulnerabilities, and evaluate security risks across all areas of Xero’s business, including product and technology, and third party software and services, to ensure these are well understood and managed within Xero’s risk tolerance. 
• Ensure security compliance obligations with applicable laws, regulations and standards such as ISO 27001, SOC 2, PCI-DSS or other international or regional frameworks, are understood and met across Xero. 
• Support product teams in performing threat modeling of new/updated product features. 
• Perform risk assessments for Ecosystem partners and third party suppliers, ensuring that security risks are assessed and understood prior to, and during the engagement with the third party. 
• Using the security risk management framework, ensure risks are documented, quantified, owned, communicated and escalated as appropriate across Xero. 
• Provide input to responses to customer and supplier security assessments. 
• Monitor and assess emerging security threats that could affect Xero, and propose strategies to mitigate them.
• Support process improvement and automation using technical skills and experience.
• Foster cross-disciplinary understanding of security risk and compliance and raise awareness of risk 

What success looks like

• Changes to Xero’s product and corporate infrastructure are in compliance with the IT Security Policy and standards and meet Xero’s compliance obligations. 
• Risks are identified and managed according to Xero’s risk appetite, in a timely manner and in alignment with business objectives.
• Security assessments are completed and documented for all new third party software and technology services. 
• Audits and other compliance assessment activities are completed successfully, and compliance is maintained with required standards. 
• Management has timely and appropriate visibility of Xero’s security risk status. 

What you'll bring

• 3+ years in a role in an information security and risk management practice
• Experience with ISO27001:2022, SOC 2 Type 2 or PCI-DSS compliance frameworks
• Recognised as a high performer and leading contributor in your team.
• Experience working with AI and data to drive automation.

Why Xero? 

Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, life insurance, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices with weekly fitness and yoga classes, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.

Our collaborative and inclusive culture is one we’re immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to better understand and serve customers, attract top talent and innovate successfully. So, from the moment you step through our doors, you’ll feel welcome and supported to do the best work of your life. At Xero we embrace diversity and inclusion and value a #challenge mindset.

Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single competency or experience. If you are excited about this role, but your past experience doesn't align perfectly, we encourage you to apply anyway. You could be just the right person for this role and Xero. If you have any support or access requirements, we encourage you to advise us at time of application and throughout the interview process.