Team Lead Engineering - Security Governance & Data Protection

at Xero
🇦🇺 Australia - Remote
🔒 Cybersecurity 🟠 Manager

Job description

Our Purpose

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.

At Xero, we’re here to make running a business beautiful. By making small business more efficient every day, connecting them with big business technology and empowering a community behind them, their potential is limitless. When that happens, we’re not only helping small business, we’ll be building a stronger economy that can change the world.

How you’ll make an impact

As the Team Lead Engineering - Security Governance & Data Protection, you will be responsible for leading two critical security teams:

  • The Governance team, which ensures robust Identity Governance, automates compliance processes, and streamlines Continuous Assurance to support Xero’s ISO and SOC2 attestations.
  • The Data Protection team, which focuses on implementing and managing DLP (Data Loss Prevention) controls as part of Xero’s SASE program and future data security initiatives.

You will drive a risk-based, automation-first approach to security governance and compliance, ensuring efficient access management, streamlined audit processes, and proactive data protection controls. Your role will be pivotal in enabling Xero to scale security operations efficiently, reducing compliance overhead, and ensuring data security as the business grows.

What you’ll do

  • Lead and expand Identity Governance capabilities, ensuring scalable and efficient user access reviews, provisioning, and entitlements management across AWS and GCP.
  • Oversee the Identity Management Engine, ensuring it meets business needs while enabling self-service access control for teams.
  • Work with security architects and engineering teams to improve access governance, least privilege enforcement, and automated identity lifecycle management.
  • Collaborate with internal stakeholders to ensure alignment between security governance, compliance, and business objectives.
  • Develop and implement Continuous Assurance capabilities, automating security controls to support ISO, SOC2, and other regulatory attestations.
  • Work with compliance and security teams to streamline audit processes, reducing the manual effort required for security certifications.
  • Establish automated security evidence collection for compliance reporting and stakeholder visibility.
  • Lead the Data Protection team, focusing on Data Loss Prevention (DLP) controls to protect sensitive data across Xero’s environments.
  • Ensure DLP policies are aligned with business needs, balancing security requirements with productivity.
  • Work closely with the SASE program team to integrate data security policies into Xero’s cloud and network security architecture.

Culture and people leadership

  • As required, lead, develop, and grow a high-performing team by providing coaching, mentorship, and setting a clear direction by connecting the work they do to the Technology and Xero’s strategic objectives.
  • Foster a culture of security enablement, where developers and engineers feel supported in building secure products.
  • Collaborate with cross-functional teams, ensuring governance and data security initiatives support Xero’s broader security and business strategies.
  • Champion continuous improvement, leveraging industry best practices and emerging trends to refine security approaches.
  • Promote a culture of psychological safety and inclusion, ensuring all team members feel empowered to contribute and raise concerns.

Success looks like: your team

  • Successfully manages and expands Identity Governance capabilities based on product requirements, ensuring access reviews and provisioning are efficient, scalable, and automated.
  • Ensures AWS and GCP access management is aligned with least privilege and zero trust principles.
  • Implements automation to reduce the operational burden of identity governance and compliance.
  • Delivers a Continuous Assurance framework, significantly reducing manual work for ISO and SOC2 attestations.
  • Automates compliance evidence collection, making audit and security certifications faster and more efficient.
  • Provides clear visibility into security control effectiveness through data-driven insights.
  • Successfully deploys DLP controls as part of the SASE program, ensuring proactive data security policies.
  • Works closely with security operations and risk teams to monitor and mitigate data security threats.
  • Establishes effective incident response processes for data protection violations.

Success looks like: Culture and People / Your reports

  • Clearly understand how their work contributes to Xero’s security and business success.
  • Clearly understand their areas of development and their personal growth. Feel supported in their career growth and technical development.
  • Actively collaborate with engineering teams, breaking down silos and fostering a culture of shared security responsibility.
  • Are empowered and challenged to do their best work and their skills are continuously being developed through new learnings and experiences.
  • Contribute to security knowledge-sharing across Xero, empowering product teams to take ownership of security within their domains.
  • Are recognised and celebrated for good performance, and effectively managed when performing poorly.
  • Are supported to produce the best work of their lives by your understanding and ability to remove barriers.

Critical competencies

  • Strong expertise in Security Governance, Identity Governance, Compliance Automation, and Data Protection.
  • Coach & mentor – Utilising software delivery, technical experience and expertise, offer the right knowledge, at the right time in the right way – understanding why and how people learn.
  • Growth mindset – Understand that competency is not fixed but is enhanced through dedication and hard work. Demonstrate a love of learning and resilience to adversity that is essential for great accomplishment.
  • High EQ – Self aware, self regulated, motivated and empathetic, with great interpersonal skills.
  • Leading/living the vision & values – Build and foster an inclusive and positive team culture. Keep the team’s vision and values at the forefront of decision-making.
  • Communicate and help others understand the importance of the vision and values. Translate the vision and values into day-to-day activities and behaviors.
  • Have a good understanding of the importance of Xero’s Engineering standards and practices and are able to coach teams to adhere to them.
  • People Leadership – Demonstrate honesty and integrity. Provide clear objectives, guide career development and foster an inclusive environment that promotes psychological safety and teamwork. Clearly communicate expectations. Have an open mind and the flexibility to change opinions. Develop and support others.
  • Teamwork – Work with peers and stakeholders to establish an overall collaborative relationship.
  • Outstanding communication and time management skills.

Experience

  • Experience implementing and managing Identity Governance solutions (e.g., user access reviews, provisioning automation).
  • Experience leading Data Protection initiatives, including DLP implementations in cloud and hybrid environments.
  • Strong knowledge of SASE, Zero Trust, and cloud security principles, ensuring security is scalable and frictionless.
  • Experience in security automation, leveraging tools and platforms to reduce manual effort and improve security efficiency.
  • Proven track record of leading teams to deliver high-quality software in a fast-paced environment, leveraging Lean-Agile techniques, while managing competing priorities and ensuring alignment with strategic goals.
  • Excellent grasp of modern software delivery practices and life cycle.
  • Proven ability to balance the needs of the individual with the needs of the business.
  • Experience with coaching and mentoring.
  • Strong stakeholder management skills, with the ability to influence without authority and align security priorities with business needs.
  • Passion for developer enablement, making security accessible and empowering engineers to write secure code.

What we value

  • Challenge – Xeros dream big, lead and embrace change.
  • Beautiful – Xeros create experiences that people love.
  • Team – Xeros are great team players.
  • Ownership – Xeros deliver on our commitments.
  • Human – Xeros are authentic, inclusive and really care.