Director of Information Security
Acorn
About Acorn PLMS: At Acorn PLMS, we are on a mission to transform the corporate learning experience. Our cutting-edge Performance Learning Management System (PLMS) software is powered by AI and designed to ensure that what people learn directly contributes to their exceptional performance in business. Corporate performance and learning needs a revolution, and Acorn PLMS is the antidote. We are the only solution that guides learners step by step to master the specific capabilities required for their roles, ultimately accelerating organisational performance.
We are open to individuals based in Canberra or Sydney, Australia – this is an in-office role.
Role overview: With ambitious global growth plans, security is at the heart of everything we do. We are seeking an experienced, proactive and hands-on security leader to take ownership of our security posture and accreditations as we scale.
This role will be the hands-on technical lead for security while setting long-term security policy and governance direction. Ensuring compliance with key certifications including IRAP and SOC 2 and working closely with our Data Protection Officer (DPO) and cross-functional teams, the Director of Information Security will define and execute Acorn’s end-to-end cyber security strategy and ensure we continuously monitor, mitigate, and manage risks to protect our customers, partners, and business.
This role is ideally suited for someone with an engineering background (e.g. an ex pen tester) with strategy and leadership experience, looking for an exciting challenge in a scaling business.
5 Key Capabilities:
The best part… we use our Acorn software at Acorn. We believe in the power of our Managers and Staff being aligned on the 5 capabilities needed for each role, and the level that we expect for any given role, using our Acorn AI tool to streamline this consistently across our business. The 5 levels comprise Foundational, Developing, Proficient, Advanced and Expert.
Here are the 5 capabilities for our Director of Information Security to give you an idea of what the role entails and the proficiency level that we’re looking for from it.
1. Security Strategy & Governance: Develops and drives the organisation's comprehensive information security strategy, policies, and practices. Level: Expert – Defines the long-term vision for organisational security posture and resilience.
2. Risk Management & Compliance: Proactively identifies, assesses, and mitigates information security risks across the organisation. Level: Expert – Establishes the organisation's risk appetite and tolerance aligned with strategic objectives.
3. Secure Infrastructure & Architecture: Designs and implements secure infrastructure, application environments, and DevOps pipelines, embedding security controls throughout the technology stack. Level: Expert – Engineers proactive security controls across AWS-native systems, CI/CD, and product environments to enforce scalable, resilient, and secure-by-default design.
4. Threat Detection, Incident Response & Recovery: Develops, operates, and continuously improves real-time detection, incident response, and recovery capabilities. Level: Advanced – Leads post-incident forensics and recovery efforts, simulates attacks to validate controls, and evolves response plans through red teaming and continuous learning.
5. Security Culture & Team Leadership: Promotes a strong security culture and leads the development of high-performing security teams. Level: Advanced – Sets the direction for org-wide awareness, drives cross-functional accountability, and scales a function blending engineering, GRC, and stakeholder engagement.
Key Responsibilities
Security Strategy & Leadership
- Define and execute Acorn’s end-to-end cyber security strategy across people, process, and technology
- Be the hands-on technical lead for security, while also setting long-term policy and governance direction
Risk Management, Compliance & Accreditation
- Proactively assess and mitigate risk across our AWS-native infrastructure and SaaS product
- Lead and maintain certifications such as IRAP and SOC 2, and prepare for others (e.g. ISO 27001, FedRAMP)
- Build and enforce internal policies, secure coding practices, and third-party risk frameworks
Secure Architecture & Implementation
- Collaborate closely with our DevOps and Engineering teams to design secure infrastructure and deployments
- Implement guardrails, automated controls, IAM policies, monitoring and alerting directly in AWS (e.g. Fargate, RDS, API Gateway)
- Review and enhance security in CI/CD, container orchestration, source code, and dependencies
Monitoring, Detection & Incident Response
- Deploy and manage tooling for real-time threat detection and vulnerability management
- Lead incident response and postmortem processes; improve playbooks, detection rules, and recovery systems
- Simulate attacks or perform internal penetration tests to validate defenses
Stakeholder Engagement & External Representation
- Act as the senior point of contact for all security-related questions from customers, partners, auditors, and government bodies
- Clearly communicate risk posture and mitigation plans to executives and the Board
Team Development & Culture
- Define the roadmap for growing a security function with the right mix of engineering, GRC, and operations
- Promote security awareness and accountability throughout the company, especially within the product team
Required Skills & Experience
- 7+ years of experience in Information Security leadership roles, ideally within SaaS or technology-driven businesses
- Engineering background (e.g. ex pen tester)
- Strong understanding of compliance frameworks such as IRAP, SOC 2, ISO 27001, GDPR, and other data protection regulations
- Hands-on experience managing accreditation processes and audits
- Proven track record in risk management, security operations, and incident response
- Exceptional communication skills, with the ability to engage technical and non-technical stakeholders
- Experience working with government clients highly desirable
- Relevant certifications (e.g., CISSP, CISM, CISA, CRISC) are an advantage
- Applicants must hold or have the ability to obtain an Australian Government Baseline security clearance or higher.
Why Join Acorn PLMS?
- Opportunity to build and lead the security function in a scaling global SaaS business
- A dynamic, supportive, and growth-focused work environment
- Opportunities for professional growth and career advancement
- Competitive salary and benefits package
Location
We are open to individuals based in Sydney or Canberra, Australia. We are an office-first company, meaning we work from our local offices the majority (if not all) of the time. We want to create cool stuff with great people, and we know from experience that is best done through daily moments like the coffee run, walk to grab lunch, or quick huddles. Being able to capitalise on this is key to our ongoing success and a large part of the reason we can work at the pace we do. Please note candidates will need to be in commuting distance to our offices based in the Canberra and Sydney CBD.
Applicants must have full working rights in Australia to be considered for this role. Unfortunately we are unable to provide visa sponsorship at this time.
Our recruitment process
Acorn is committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We are an equal opportunities employer and welcome applications from all qualified candidates. We aim to ensure that our recruitment process is fair and accessible to everyone and encourage candidates to request any accommodations needed during the application or interview stages.
About Acorn
Acorn is the hub for learning and performance for over 3 million active learners globally. The work you do — whether that’s writing lines of code, designing the layout of a dashboard, or talking to customers — helps real people grow not just professionally, but personally. In the space of 10 years, we’ve grown to a global platform in the heart of many major organisations’ ecosystems.
There’s still so much more to do, and we need people who are keen to help us journey into the next phase on board! And since we’re still growing, there’s so much you can learn on that journey with us. To find out more about life at Acorn, our Values and working with us, check out our website at https://acorn.works and see our Life At Acorn video here! https://youtu.be/2BGUk-n3FrQ?si=U_sS1Y5ZSP0tNtZW
If you're excited by the challenge of leading end-to-end security strategy, shaping resilient systems, and driving a culture of security across product and infrastructure, we’d love to connect with you!