Cyber Security Manager

Job Description

Come shape the future of education with us.

At Compass, we’re on a mission to transform the school day for everyone - from staff and students to families and administrators. We build smart, seamless technology that empowers schools to focus on what really matters: learning, growing and thriving.

That mission has fuelled our growth into a global scale-up, now supporting 5,000+ schools across three countries, backed by a team of 300+ people. Our all-in-one school management platform is redefining how education communities connect, communicate and operate.

We’re now looking for a Cyber Security Manager to join our Technology team in Melbourne.

About the Role

Reporting to the Head of Technology, you’ll work alongside senior leadership to build and own the security roadmap for Compass. You’ll be the primary voice on platform, infrastructure and application security, shaping how the organisation approaches risk and setting the standard for security practice across the business. You’ll also manage and mentor a small team, helping to grow the function from the ground up.

What you’ll do

• Work alongside the Head of Technology to build the security roadmap, set standards and be the authoritative voice on security risk and posture.
• Build and maintain a formal risk register covering vulnerabilities, remediation progress and residual risk.
• Advise the Head of Technology and senior leadership on security risks, incidents and investment priorities.
• Lead and conduct penetration testing across web applications, APIs, infrastructure and cloud, and manage third-party pen test engagements.
• Identify and remediate security gaps including access control, database security (MongoDB, Redis, SQL), secrets management and cloud IAM.
• Assess and improve GCP security configuration including VPC architecture, IAM policies, audit logging and Cloud Security Command Centre.
• Work with DevOps and platform engineers to harden infrastructure and review Terraform and CI/CD pipelines.
• Oversee application security including OWASP Top 10, code review involvement and secure SDLC guidance for the development team.
• Lead incident detection and response across the platform.
• Oversee and quality-assure security investigations, including school-facing audit and access cases handled by junior team members.
• Ensure investigation processes are documented, consistent and legally defensible under Australian privacy law and, where relevant, UK/EU data protection requirements.
• Own data access governance - who can access what, under what conditions and with what audit trail.
• Manage and mentor junior team members, setting workload, providing direction and supporting their development.

About You

This role suits someone who can operate at both a strategic and hands-on level, communicate risk clearly to senior leadership and translate security requirements into actionable guidance for engineering teams.

You will bring:

• 5+ years of hands-on cyber security experience with depth in both application and infrastructure security.
• Strong penetration testing skills across web applications, APIs, network and cloud, including managing third-party engagements.
• Solid cloud security knowledge, particularly GCP or AWS (IAM, network security, audit logging, secrets management and posture tooling).
• Proven ability to identify and remediate vulnerabilities in production environments.
• Practical experience with security risk management - building a risk register, prioritising remediation and communicating risk to non-technical stakeholders.
• Familiarity with database security across relational and NoSQL systems - access control, encryption and audit logging.
• Understanding of Australian SaaS compliance obligations and privacy frameworks.
• Clear communication skills - able to translate technical risk for leadership and turn security requirements into practical guidance for engineers.
• Experience managing or mentoring junior security staff.

Highly regarded:

• Relevant certifications such as OSCP, CISSP, CISM or equivalent.
• Familiarity with UK/EU data protection requirements including GDPR.
• Prior experience in EdTech, SaaS or a high-growth scale-up environment.

Why Join Compass

You’ll join a purpose-driven company at a genuinely exciting stage of growth, with the opportunity to make a real impact on education at scale.

What we offer:

• A hybrid working environment, based out of our Melbourne office hub.
• Learning and development opportunities, including a dedicated PD budget.
• ²⁴⁄₇ access to our Employee Assistance Program (EAP), including face-to-face, phone and live chat support.
• A parental leave program for both primary and secondary carers.
• Regular team events, social budgets and in-office perks help you stay connected, from team lunches to end-of-week socials.
• Employee Referral Program
• A supportive, inclusive culture where your voice is valued and heard.

Compass is proud to be an equal opportunity employer. We embrace and celebrate diversity and are committed to creating an inclusive environment for all employees.

Prior to commencing employment, you’ll need:

• A valid Employee Working With Children Check
• A satisfactory National Police Check
• Verification of unrestricted work rights in Australia (e.g. citizenship, passport or birth certificate)

Ready to Apply?

If you’re excited by the opportunity to build our security function at a purpose-driven tech company shaping the future of education, we’d love to hear from you.

Find out more about Compass on our website - www.compass.education.