Job Title

Who We AreEmployment Hero is on a mission to make employment easier and more valuable for everyone. Our Employment Operating System brings hiring, HR, payroll and benefits into an all-in-one solution. Since our inception in 2014, we''ve scaled to a $2 billion valuation and gained a presence in 6 countries globally Australia, New Zealand, Singapore, Malaysia, the UK and Canada. We now service over 300,000 businesses and more than 2 million employees.The EH WayWe are Mission First everything we do (from what we work on, to how we allocate capital and where we focus) is driven by our MissionWe are Remote First we champion a remote environment with a preference for asynchronous communication and a high degree of autonomyWe are AI First we are committed to using AI to accelerate our mission; AI is not just a tool, it''s a fundamental part of how we operate, innovate, and scaleWe are Apolitical we do not take a position on political or social topics, unless it relates to our MissionWe Live by Our Values we role model our values 100% of the timeWe Expect High Performance we set a high standard and we''re not satisfied with being averageThis roleAs our Security GRC Manager based in Australia in a full time capacity, you''ll be leading the Global Security GRC Team and will be instrumental in shaping the information security management strategy for Employment Hero, making sure we are at the forefront of information security excellence.ResponsibilitiesLeadership and Team Management Lead and manage a team of Security GRC professionals, providing guidance, mentorship, and support in their professional developmentStrategic Security Planning Develop and drive the organisation''s overarching information security and GRC strategy, ensuring alignment with business objectives and proactive mitigation of security risksGovernance, Risk, and Compliance Oversight Oversee the design, implementation, and continuous improvement of security governance processes, risk management frameworks, and compliance programs to ensure robust risk mitigation and regulatory compliance (e.g. ISO 27001, SOC2, etc.)Auditing and Compliance Reporting Lead internal and external security audits, ensuring the organisation meets compliance requirements and deadlines. Coordinate with auditors and facilitate the audit process, addressing gaps and driving remediation efforts based on audit findings. Ensure timely preparation and management of audit documentation and evidencePolicy Development and Enforcement Establish and maintain high-level information security policies, procedures, and standards. Ensure that they are effectively enforced and aligned with industry best practices and compliance requirementsStakeholder Collaboration Serve as the primary liaison between internal stakeholders (IT, legal, compliance, product, engineering) to ensure effective implementation of security and risk initiatives and promote a culture of security across the organisationRisk Assessment and Reporting Lead regular risk assessments, audits, and vulnerability assessments. Provide strategic recommendations to senior leadership based on findings and industry best practicesSecurity Incident Management Oversee and guide the response to security incidents, ensuring rapid remediation, effective communication, and root cause analysisTraining and Awareness Foster a securityconscious culture by developing and delivering security training programs, ensuring that employees at all levels understand their role in maintaining information securityContinuous Improvement and Innovation Stay current with emerging trends in information security, governance, and compliance. Recommend and implement continuous improvements to enhance security practices and safeguard the organisation''s data and assetsCompliance Reporting and Audit Management Ensure the company meets compliance requirements and audit deadlines. Prepare and manage compliance documentation, working with external auditors when necessaryWho you areA degree in information technology, information security, risk management, or equivalent work experienceIndustry certifications such as CISSP, CISM or CISA are highly desirableLeadership & Communication Skills Proven ability to lead and manage a team, with strong consultative, written, and verbal communication skills. Ability to influence stakeholders at all levels of the organizationDemonstrated knowledge and understanding of contemporary frameworks and methodologies, such as ISO 27001, NIST 800-53, SOC2Excellent written, oral, and influencing skills with the ability to work autonomouslyA strong focus on continuous improvement, with a proven ability to challenge the status quo constructivelyBroad knowledge of current Governance, Risk and Compliance (GRC) technological tools and methodologiesStrong consultative skills, enabling effective communication of complex concepts to both technical and non-technical audiencesMeticulous attention to detailA strong desire to learn and expand knowledge in the field of information securityWhat we can offerYou will work remotely, with the flexibility to own your time and impactYou will access cuttingedge tools to amplify your work, knowledge and outputsYou''ll surround yourself with ambitious, outcomedriven colleagues who challenge you to do the best work of your lifeYou''ll own ESOP (employee share options) in one of the world''s fastestgrowing tech companiesYou''ll also have access to a wide range of benefits that includes a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that''s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunitiesAt Employment Hero, we are committed to safeguarding the privacy of your application data. To understand how we do so, you can read our Applicant Privacy Policy here employmenthero.com/legals/applicant-policy/Employment Hero celebrates diverse perspectives and experiences, we invite people of all backgrounds and identities to apply for this position. #J-18808-Ljbffr