Security Governance Lead (GRC)



Sydney, NSW, Australia
Posted on Friday, May 26, 2023

At Prospa, we exist to unleash the potential of every small business. We are building the future of small business and simplifying cashflow by building a leading platform that helps customers make payments, fund growth and reduce admin.

The role
You’ll oversee and implement robust cybersecurity governance, risk, and compliance practices including ownership of our ISO27001 Information Security Management System (ISMS). Our Cybersecurity team play a critical role in ensuring the confidentiality, integrity, and availability of information assets, as well as compliance with applicable security standards and regulations.

What you will be doing
• Establish and maintain an ISO27001-compliant ISMS framework, ensuring alignment with the organisation's security objectives and risk appetite
• Continue to mature our internal cybersecurity governance framework, policies/procedures, and controls to ensure compliance with applicable legislation, regulations, and industry best practices.
• Coordinate the General IT Controls audit
• Foster a strong internal culture of security awareness and ownership
• Develop and deliver training programs, workshops, and awareness campaigns to educate and empower our employees on all thing’s cybersecurity
• Collaborate with procurement team to assess security posture of third-party vendors
• Maintain our vendor risk management framework
• Own and drive our user access review process
• Managing, developing and mentoring a small team

What you’ll need to succeed
• Demonstrated experience in security governance with practical experience working on security audits and risk management programs.
• Demonstrated, hands on experience working of ISO27001 and experience running an ISMS.
• Experience in working with various stakeholders to advise on security controls and requirements
• Experience within a security governance or consulting role would be highly advantageous but not essential.
• Good understanding of information security best practice standards and guidelines (e.g. ASD8, NIST, PCI-DSS), Australian Privacy Principles and APRA CPS 234
• Relevant security qualifications and professional certifications highly regarded but not required (ISO27001 Lead Auditor, CISA, CISM, CRISC, CISSP etc.)
• Strong written and verbal communication skills
• Excellent stakeholder management skills across the board
• Strong people leadership experience

Don’t let a confidence gap get in the way of submitting your application.

What we offer:
As a busy grow getter, our benefits are here to help you be unstoppable in your mission. Whether it’s a lofty career goal, investing in your family, saving the planet or simply feeling fulfilled:
• Growth: There’s something for everyone including learning days, a learning allowance, leadership programs, performance coaching & digital learning
• Wellbeing: Think fitness initiatives, seasonal programs (including massages, skin checks, family picnics and coffee carts), additional “Me Days” and access to holistic EAP coaching.
• Lifestyle: Find your fit with flexible working options, top notch office facilities and diverse remote/ travel work options. You can also purchase additional leave and take up to 18 weeks paid parental leave
• Impact: Join a business that has committed to becoming carbon neutral by June 2024. And you can tap into volunteer days, our partnership with Kiva and join a range of employee resource groups.

Why Prospa?
We embrace diversity in our people and our thinking. You’ll find an environment where there’s always something new around the corner. It’s collaborative, inclusive and respectful. A place where we celebrate who you are, naturally.
We’re building the future of small business finance. Join us!