Xero is hiring a Remote Senior Security Risk & Compliance Specialist
\nXero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. \n\n\nAt Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.\n\n\nAbout the role and team\n\n\nThe Senior Security Risk & Compliance Specialist (M&A) will work as part of the Security Risk and Compliance team. We are a large, global team who are as warm and friendly as we are astute and knowledgeable. As part of the team, you will be working with all parts of the business to improve Xeroโs security risk and compliance posture, to reduce the risk of security incidents and improve the efficiency and effectiveness of Xeroโs security controls. This role has a focus on Xeroโs Mergers and Acquisitions portfolio but as part of the broader team you will be expected to contribute to other initiatives and will have the opportunity to learn about a broad range of topics in the course of your work.\n\n\n\nWhat you'll bring with you:\n* Experience working with M&A in the GRC (Governance, Risk and Compliance) space\n* Experience with Regulatory Compliance Frameworks\n* Experience with mentoring\n\n\n\nWhat youโll do:\n* Ensure security risk and compliance obligations, both internally defined and externally regulated, are understood and met across Xero and its subsidiaries.\n* Contribute towards the maintenance of the Xero information security management framework. Ensure that security policy and standards keep pace with the changing threat and compliance landscape, and are approved and communicated across Xero.\n* Engage with and manage service providers delivering services and capabilities related to Xeroโs security risk and compliance practice.\n* Further develop and manage security risk and compliance frameworks and processes to ensure risks are documented, quantified, owned, communicated and escalated as appropriate across Xero.\n* Assist in the development of security awareness materials and training for Xero staff.\n* Respond to customer and supplier security assessments.\n* Define requirements and assess solutions to automate and improve the efficiency of risk assessment, compliance management and reporting processes.\n* Keep informed as to emerging security threats that have the potential to impact Xero and recommend mitigating strategies.\n* Provide measurement and reporting of Xeroโs risk and compliance position suitable for various levels of Xeroโs leadership.\n* Coach and mentor other team members to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.\n* Mentor product team members from other disciplines about security risk and compliance and raise awareness of risk and compliance concerns as a key consideration of product development.\n\n\n\nM&A Specific Responsibilities:\n* Perform Security Due Diligence activities for potential M&A targets and identify, assess, and report on related information security risks.\n* Work with cross-functional and technical teams to perform gap analysis, identify integration requirements and security uplift opportunities, and monitor integration and remediation work to ensure alignment with desired security outcomes.\n* Maintain and continually improve artifacts pertaining to M&A Security workstreams, ensuring alignment with all industry regulations, standards, and compliance requirements.\n* Collaborate with subsidiaries on audit preparation, control scope and ownership, and remediation of findings to provide clarity and ensure successful compliance outcomes, dependent on integration model.\n* Provide guidance and advice to the Integration Management team and Technical teams on security risk and compliance concerns and related issues throughout the M&A lifecycle.\n* Demonstrate effective project management processes to work collaboratively across Xero and its subsidiaries.\n\n\n\n\n\nWhy Xero\nOffering very generous paid leave to use however youโd like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, free medical insurance, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, youโll do the best work of your life at Xero.\n\n\nOur collaborative and inclusive culture is one weโre immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to better understand and serve customers, attract top talent and innovate successfully. At Xero we embrace diversity and inclusion and value a #challenge mindset. \n\n\nResearch has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single competency or experience . If you are excited about this role, but your past experience doesn't align perfectly, we encourage you to apply anyway. You could be just the right person for this role and Xero. If you have any support or access requirements, we encourage you to advise us at time of application and throughout the interview process.\n\n\nXero is an NZ Immigration Accredited Employer and Rainbow Tick certified too. \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Senior and Senior jobs that are similar:\n\n
$60,000 — $110,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
๐ Please reference you found the job on Remote OK, this helps us get more companies to post here, thanks!
When applying for jobs, you should NEVER have to pay to apply. You should also NEVER have to pay to buy equipment which they then pay you back for later. Also never pay for trainings you have to do. Those are scams! NEVER PAY FOR ANYTHING! Posts that link to pages with "how to work online" are also scams. Don't use them or pay for them. Also always verify you're actually talking to the company in the job post and not an imposter. A good idea is to check the domain name for the site/email and see if it's the actual company's main domain name. Scams in remote work are rampant, be careful! Read more to avoid scams. When clicking on the button to apply above, you will leave Remote OK and go to the job application page for that company outside this site. Remote OK accepts no liability or responsibility as a consequence of any reliance upon information on there (external sites) or here.