Governance, Risk and Compliance Manager

Job description

About LEAP

LEAP is the leading provider of Legal Practice Management Solutions in the world and is part of ATI – one of the largest international LegalTech companies. For more than 30 years, our curiosity and commitment to continual improvement has kept us reimagining productivity tools for lawyers and their staff to support our guiding purpose, to ‘Help lawyers who help people’. The market-leading software we develop, and support is used by more than 71,000 lawyers and their staff in small and medium-sized law firms.

Working alongside our international team of passionate high achievers, you’ll join a fast-growing technology business where things seldom stay the same for long. With more than 1000 smart, caring and ambitious ‘LEAPsters’ working together across Australia, Canada, the United States, the United Kingdom, the Republic of Ireland, Poland and New Zealand, you’ll find yourself in good company here.

Meet the Security team

Our Security team protects LEAP’s people, information, infrastructure and applications from an evolving cyber threat landscape. Working closely with internal teams and external partners, we embed practical, fit-for-purpose security practices across the business.

The team spans three specialist domains that work closely together to deliver a mature, scalable and enterprise-ready security capability. You’ll be joining an established, supportive group that values collaboration, shared ownership and high standards.

We’re passionate about staying ahead of emerging threats, investigating incidents and analysing malware using modern threat intelligence and tools to continuously strengthen LEAP’s security posture and protect what matters most.

What you’ll do

LEAP is scaling rapidly into enterprise, government, and highly regulated markets, requiring a world-class security and compliance program that protects client data and supports enterprise sales.

As the Governance, Risk and Compliance (GRC) Manager, you will own and lead LEAP’s global GRC function, defining and operating our security and compliance framework across multiple products, entities, and regions. You’ll ensure controls are clearly documented, independently assured, and communicated consistently to customers, auditors, and internal stakeholders.

This role is critical to enabling enterprise growth. You will streamline responses to security questionnaires and audits, reduce friction in the sales process, and provide executives with clear visibility of risk and control maturity, while working closely with Information Security, Engineering, IT, Product, and Legal to ensure compliance scales with the business.

To make this happen, you will:

• Own and mature LEAP’s global governance, risk, and compliance program, aligned to SOC 2, ISO 27001, NIST CSF, and relevant regional frameworks.
• Lead audits and independent assessments, acting as the primary contact for external auditors and assessors.
• Maintain a single source of truth for security policies, controls, and evidence across LEAP and its product portfolio.
• Ensure compliance scales as the business grows, acquires products, and expands into new markets.
• Establish and run an enterprise risk management framework, including risk assessments and executive risk acceptance.
• Conduct access reviews, control effectiveness reviews, and third-party risk assessments, providing pragmatic guidance on risk and trade-offs.
• Own enterprise security questionnaires, RFPs, and due diligence responses, reducing friction in the sales process.
• Maintain LEAP’s client-facing Trust Centre and standardise responses to recurring customer questions.
• Act as the escalation point for complex assurance topics, including AI usage, data handling, and product architecture.
• Oversee security awareness and training programs to lift security maturity across the organisation.
• Work closely with Information Security, Engineering, IT, Product, and Sales to embed compliance without slowing delivery.
• Use automation and tooling to improve efficiency, reduce reactive work, and help build a scalable, sustainable security function.

What you’ll bring

• Proven experience in GRC, Technology Risk, or Information Security Compliance roles within SaaS, cloud, or technology environments.
• Hands-on experience owning SOC 2 and/or ISO 27001 programs, and supporting enterprise customer security due diligence.
• Strong understanding of cloud infrastructure, SaaS architectures, and modern software delivery practices.
• Experience leading audits, managing evidence, and engaging directly with customers, auditors, and internal stakeholders.
• Ability to translate technical security controls into clear, business-focused explanations that support sales and executive decision-making.
• Experience operating in complex or multi-entity environments, and working pragmatically with changing requirements and incomplete information
• Prior people leadership experience, or readiness to build and lead a small GRC team.

You are the type of person who

• Takes genuine ownership of GRC, seeing problems through from identification to resolution rather than waiting for direction.
• Builds strong, pragmatic relationships with engineering, IT, product, legal, and sales teams to get things done.
• Is comfortable influencing senior leaders, clearly explaining risk, trade-offs, and recommendations to support good decision-making.
• Provides practical, well-reasoned advice that balances security, compliance, and commercial realities.
• Thrives in a fast-changing environment, adapting priorities and approach as the business evolves.

LEAP is an inclusive, people-first company committed to breaking down institutional barriers that keep people from reaching their potential. If you meet some, but not all the requirements above, we encourage you to still submit your application.

Why join LEAP?

• Your work matters. Helping lawyers help people sits at the heart of everything we do. We solve real world problems that improve and support local, everyday law firms. So they can do their best work for the people in the communities they serve.
• Make an impact. You won’t be another ‘cog in the wheel’ here. We give full trust and autonomy for you to be heard, to work on big & complex projects – and to make a real difference.
• Work with a group of authentic, passionate people who love what they do.
• Flexible and hybrid working. We’d like to find this person in Sydney, but we want you to work in a way that suits you and we’re open to flexible arrangements that support you.
• Grow your career with us. Our founder Christian Beck has been building legal tech businesses for over 30 years. There are opportunities galore to expand your career based on where your interests lie. We’re not afraid to pivot based on market conditions - you will always have the opportunity to stay ahead of the curve and do your best work here.
• Have fun with us. Celebrations. Socials. Sports teams. Access to sailing and yacht events.
• We value your well-being - enjoy an additional paid wellbeing day every year, free gym membership, corporate dental plan and weekly massages in the office.
• Work in a new, beautiful office space– with a catered lunch and breakfast every week, fully stocked kitchen and an on-site barista.
• Access to LEAP Home - a program unique to LEAP to support you in buying your primary residence.

#LI-MB1