Acorn

Posted on May 24, 2025

About Acorn PLMS: At Acorn PLMS, we are on a mission to transform the corporate learning experience. Our cutting-edge Performance Learning Management System (PLMS) software is powered by AI and designed to ensure that what people learn directly contributes to their exceptional performance in business. Corporate performance and learning needs a revolution, and Acorn PLMS is the antidote. We are the only solution that guides learners step by step to master the specific capabilities required for their roles, ultimately accelerating organisational performance.

We are open to individuals based in Canberra or Sydney, Australia - this is an in-office role.

Role overview: With ambitious global growth plans, security is at the heart of everything we do. We are seeking a security leader to take ownership of our security posture and accreditations as we scale.

We are looking for an experienced, proactive, and hands-on Director of Information Security to lead our security efforts. This role will own the development, implementation, and ongoing management of our security strategy, ensuring compliance with key certifications including IRAP and SOC 2. Working closely with our Data Protection Officer (DPO) and cross-functional teams, the Director of Information Security will ensure we continuously monitor, mitigate, and manage risks to protect our customers, partners, and business.

5 key capabilities:

The best part… we use our Acorn software at Acorn. We believe in the power of our Managers and Staff being aligned on the 5 capabilities needed for each role, and the level that we expect for any given role, using our Acorn AI tool to streamline this consistently across our business. The 5 levels comprise Foundational, Developing, Proficient, Advanced and Expert.

Here are the 5 capabilities for our Director of Information Security to give you an idea of what the role entails and the proficiency level that we’re looking for from it.

1. Security Strategy & Governance - Develops and drives the organisation's comprehensive information security strategy, policies, and practices. Level: Expert - Defines the long-term vision for organisational security posture and resilience.

2. Risk Management & Compliance - Proactively identifies, assesses, and mitigates information security risks across the organisation. Level: Expert - Establishes the organisation's risk appetite and tolerance aligned with strategic objectives.

3. Security Architecture & Engineering - Designs, implements and maintains secure systems aligned with security requirements. Level: Advanced - Drives organisation-wide secure architecture practices across development teams.

4. Security Operations & Incident Response - Monitors, detects and responds to cybersecurity threats and incidents effectively. Level: Expert - Establishes the strategic direction for proactive threat intelligence and resilient operations.

5. Stakeholder Management & Influence - Effectively communicates and influences security priorities across technical and non-technical stakeholders. Level: Advanced - Builds strategic partnerships with senior leaders to align security with business goals.

Key Responsibilities

Security Strategy & Leadership:

  • Develop and execute the company's information security strategy, policies, and practices
  • Act as the key point of leadership for all security initiatives internally and externally

Risk Management & Compliance:

  • Proactively identify, assess, and mitigate security risks
  • Lead and maintain key security accreditations such as IRAP and SOC 2, and prepare for additional certifications as needed
  • Ensure compliance with applicable regulatory requirements and security standards

Collaboration:

  • Work closely with the Data Protection Officer (DPO) to align security and privacy initiatives
  • Partner with Product, Engineering, and Customer Success teams to embed security best practices across our SaaS platform and operations

Monitoring & Response:

  • Implement and manage systems for continuous monitoring of threats and vulnerabilities
  • Lead incident response efforts and ensure robust business continuity and disaster recovery planning

Stakeholder Management:

  • Act as the security point of contact for customers, partners, auditors, and government bodies
  • Communicate security risks and initiatives effectively to executive leadership and the Board of Directors

Required Skills & Experience

  • 7+ years of experience in Information Security leadership roles, ideally within SaaS or technology-driven businesses
  • Strong understanding of compliance frameworks such as IRAP, SOC 2, ISO27001, GDPR, and other data protection regulations
  • Hands-on experience managing accreditation processes and audits
  • Proven track record in risk management, security operations, and incident response
  • Exceptional communication skills, with the ability to engage technical and non-technical stakeholders
  • Experience working with government clients highly desirable
  • Relevant certifications (e.g., CISSP, CISM, CISA, CRISC) are an advantage
  • Applicants must hold or have the ability to obtain an Australian Government Baseline security clearance or higher

Why Join Acorn PLMS?

  • Opportunity to build and lead the security function in a scaling global SaaS business
  • A dynamic, supportive, and growth-focused work environment
  • Opportunities for professional growth and career advancement
  • Competitive salary and benefits package

Location

We are open to individuals based in Sydney or Canberra, Australia. We are an office-first company, meaning we work from our local offices the majority (if not all) of the time. We want to create cool stuff with great people, and we know from experience that is best done through daily moments like the coffee run, walk to grab lunch, or quick huddles. Being able to capitalise on this is key to our ongoing success and a large part of the reason we can work at the pace we do. Please note candidates will need to be within commuting distance of our offices based in the Canberra and Sydney CBD.

Applicants must have full working rights in Australia to be considered for this role. Unfortunately we are unable to provide visa sponsorship at this time.

Our recruitment process

Acorn is committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We are an equal opportunities employer and welcome applications from all qualified candidates. We aim to ensure that our recruitment process is fair and accessible to everyone and encourage candidates to request any accommodations needed during the application or interview stages.

About Acorn

Acorn is the hub for learning and performance for over 3 million active learners globally. The work you do — whether that’s writing lines of code, designing the layout of a dashboard, or talking to customers — helps real people grow not just professionally, but personally. In the space of 10 years, we’ve grown to a global platform in the heart of many major organisations’ ecosystems.

There’s still so much more to do, and we need people who are keen to come on board and help us journey into the next phase! And since we’re still growing, there’s so much you can learn on that journey with us. To find out more about life at Acorn, our Values and working with us, check out our website at https://acorn.works and see our Life At Acorn video here: https://youtu.be/2BGUk-n3FrQ?si=U_sS1Y5ZSP0tNtZW

If you're passionate about building strong security foundations, thrive in dynamic environments, and want to make a global impact - we'd love to hear from you!