Our Purpose
At Xero, we’re here to make running a business beautiful. By making small business more efficient every day, connecting them with big business technology and empowering a community behind them, their potential is limitless. When that happens, we’re not only helping small business, we’ll be building a stronger economy that can change the world.
How you’ll make an impact
The Team Lead - Data and Security Compliance will lead a team of Data and Security Compliance specialists in working with all parts of the business to improve Xero’s data & security compliance posture, helping to reduce the risk of security incidents through the improvement of the efficiency and effectiveness of Xero’s data and security controls.
What you'll do
- Lead a data and security compliance management team.
- Assess data and security compliance requirements across all areas of Xero’s business, including product, platform, and third party software and services, to ensure these are well understood and managed.
- Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero.
- Maintain the Xero information security management framework. Ensure that security policy and standards keep pace with the changing threat and compliance landscape, and are approved and communicated across Xero.
- Engage and manage service providers delivering services and capabilities related to Xero’s data and security compliance practice.
- Maintain a comprehensive program of automated and manual data & security testing across Xero products.
- Assist in the development and delivery of security awareness materials and training to Xero staff.
- Respond to customer and supplier security assessments.
- Provide measurement and reporting of Xero’s compliance position suitable for various levels of Xero’s leadership.
- Work with all areas of Xero’s business to ensure they have business continuity plans in place and these are regularly tested and maintained.
- Coach and mentor each of your direct reports to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.
- Spend a proportion of your time on people-focused tasks including recruitment, leave management, performance reviews, training and development.
- Mentor product team members from other disciplines about data and security awareness of compliance concerns as a key consideration of product development.
Success looks like
- All changes to Xero’s product and corporate infrastructure are in compliance with the IT Security Policy and standards and meet Xero’s compliance obligations.
- Security assessments are completed and documented for all new third party software and technology services prior to them being used by Xero.
- Audits and other compliance assessment activities are completed successfully, and compliance is maintained with required standards.
- Business Continuity Plans are developed, maintained and tested to an agreed schedule.
- Security policy and standards are maintained to address current risks and compliance requirements.
- Your team is working collaboratively together to ensure agreed objectives are met for operational performance and continue to improve the way the service is operated and monitored.
- High performing, highly engaged staff.
Critical Competencies
- Able to lead and mentor a diverse and geographically dispersed team to meet organisational goals.
- Takes a business focused and pragmatic approach to data and security compliance.
- Ability to lead and work as part of a team and able to take pride and ownership in their work.
- Has initiative and a passion for all things security and a willingness to go the extra mile.
- Excellent stakeholder management.
- Able to effectively communicate to a wide range of people.
- Creates an environment in which the team will thrive and excel.
- Creates a collaborative environment and empowers others.
- An innovative and positive team player with a “can do” attitude.
- Is someone people like working for and who acknowledges and rewards excellence.
- Fast learner, detail oriented, decisive, and enjoys fast paced work environments.
Experience
- 5+ years in a role in an information security and Compliance management practice.
- 5+ years in a role in a Data Compliance management practice.
- Experience implementing risk management and information management security frameworks.
- Proven experience in developing and maintaining a highly motivated team of individuals.
- Been recognised as a technical lead or the senior contributor in your team.
What we value
We Make it Xero
We make it beautiful
We make it happen
We make it human
We make it together