Security GRC Manager

🇦🇺 Australia - Remote
🔒 Cybersecurity🟠 Manager

Job description

Who we are

Employment Hero is on a mission to make employment easier and more valuable for everyone. Our Employment Operating System brings hiring, HR, payroll and benefits into an all-in-one solution.

Since our inception in 2014, we’ve scaled to a $2 billion valuation and gained a presence in 6 countries globally - Australia, New Zealand, Singapore, Malaysia, the UK and Canada. We now service over 300,000 businesses and more than 2 million employees.

The EH Way

At Employment Hero, we’re proud of our unique DNA, which we call The EH Way.

  1. We are Mission First - everything we do (from what we work on, to how we allocate capital and where we focus) is driven by our Mission
  2. We are Remote First - we champion a remote environment with a preference for asynchronous communication and a high degree of autonomy
  3. We are AI First - we are committed to using AI to accelerate our mission; AI is not just a tool, it’s a fundamental part of how we operate, innovate, and scale
  4. We are Apolitical - we do not take a position on political or social topics, unless it relates to our Mission
  5. We Live by Our Values - we role model our values 100% of the time
  6. We Expect High Performance - we set a high standard and we’re not satisfied with being average

This role

As our Security GRC Manager based in Australia in a full time capacity, you’ll be leading the Global Security GRC Team and will be instrumental in shaping the information security management strategy for Employment Hero, making sure we are at the forefront of information security excellence.

Your key focus areas will be

  • Leadership and Team Management - Lead and manage a team of Security GRC professionals, providing guidance, mentorship, and support in their professional development.
  • Strategic Security Planning - Develop and drive the organisation’s overarching information security and GRC strategy, ensuring alignment with business objectives and proactive mitigation of security risks.
  • Governance, Risk, and Compliance Oversight - Oversee the design, implementation, and continuous improvement of security governance processes, risk management frameworks, and compliance programs to ensure robust risk mitigation and regulatory compliance (eg. ISO 27001, SOC2, etc.)
  • Auditing and Compliance Reporting Lead internal and external security audits, ensuring the organisation meets compliance requirements and deadlines. Coordinate with auditors and facilitate the audit process, addressing gaps and driving remediation efforts based on audit findings. Ensure timely preparation and management of audit documentation and evidence.
  • Policy Development and Enforcement - Establish and maintain high-level information security policies, procedures, and standards. Ensure that they are effectively enforced and aligned with industry best practices and compliance requirements.
  • Stakeholder Collaboration - Serve as the primary liaison between internal stakeholders (IT, legal, compliance, product, engineering) to ensure effective implementation of security and risk initiatives and promote a culture of security across the organisation.
  • Risk Assessment and Reporting - Lead regular risk assessments, audits, and vulnerability assessments. Provide strategic recommendations to senior leadership based on findings and industry best practices.
  • Security Incident Management - Oversee and guide the response to security incidents, ensuring rapid remediation, effective communication, and root cause analysis.
  • Training and Awareness - Foster a security-conscious culture by developing and delivering security training programs, ensuring that employees at all levels understand their role in maintaining information security.
  • Continuous Improvement and Innovation - Stay current with emerging trends in information security, governance, and compliance. Recommend and implement continuous improvements to enhance security practices and safeguard the organisation’s data and assets.
  • Compliance Reporting and Audit Management - Ensure the company meets compliance requirements and audit deadlines. Prepare and manage compliance documentation, working with external auditors when necessary.

Who you are

To thrive at Employment Hero, you’ll need to embody The EH Way - operating with focus, agility, and an obsession with impact. For this role, you’ll also bring

  • A degree in information technology, information security, risk management, or equivalent work experience.
  • Industry certifications such as CISSP, CISM or CISA are highly desirable
  • Leadership & Communication Skills - Proven ability to lead and manage a team, with strong consultative, written, and verbal communication skills. Ability to influence stakeholders at all levels of the organization.
  • Demonstrated knowledge and understanding of contemporary frameworks and methodologies, such as ISO 27001, NIST 800-53, SOC2
  • Excellent written, oral, and influencing skills with the ability to work autonomously.
  • A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively.
  • Broad knowledge of current Governance, Risk and Compliance (GRC) technological tools and methodologies.
  • Strong consultative skills, enabling effective communication of complex concepts to both technical and non-technical audiences.
  • Meticulous attention to detail.
  • A strong desire to learn and expand knowledge in the field of information security.

What we can offer

At Employment Hero, we don’t just talk about a better way to work - we live it. Joining Employment Hero means

  • You will work remotely, with the flexibility to own your time and impact
  • You will access cutting-edge tools to amplify your work, knowledge and outputs
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
  • You’ll also have access to a wide range of benefits that includes: a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities

At Employment Hero, we are committed to safeguarding the privacy of your application data. To understand how we do so, you can read our Applicant Privacy Policy here - employmenthero.com/legals/applicant-policy/

Employment Hero celebrates diverse perspectives and experiences, we invite people of all backgrounds and identities to apply for this position.

Share this job:
Please let Employment Hero know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply