Team Lead - Data & Security Compliance

Our PurposeAt Xero, we’re here to make running a business beautiful. By making small business more efficient every day, connecting them with big business technology and empowering a community behind them, their potential is limitless. When that happens, we’re not only helping small business, we’ll be building a stronger economy that can change the world.
How you’ll make an impactThe Team Lead - Data and Security Compliance will lead a team of Data and Security Compliance specialists in working with all parts of the business to improve Xero’s data & security compliance posture, helping to reduce the risk of security incidents through the improvement of the efficiency and effectiveness of Xero’s data and security controls.

What you'll do

• Lead a data and security compliance management team.
• Assess data and security compliance requirements across all areas of Xero’s business, including product, platform, and third party software and services, to ensure these are well understood and managed.
• Ensure security compliance obligations, both internally defined and externally regulated, are understood and met across Xero.
• Maintain the Xero information security management framework. Ensure that security policy and standards keep pace with the changing threat and compliance landscape, and are approved and communicated across Xero.
• Engage and manage service providers delivering services and capabilities related to Xero’s data and security compliance practice.
• Maintain a comprehensive program of automated and manual data & security testing across Xero products.
• Assist in the development and delivery of security awareness materials and training to Xero staff.
• Respond to customer and supplier security assessments.
• Provide measurement and reporting of Xero’s compliance position suitable for various levels of Xero’s leadership.
• Work with all areas of Xero’s business to ensure they have business continuity plans in place and these are regularly tested and maintained.
• Coach and mentor each of your direct reports to help them become the best versions of themselves they can be, using a variety of techniques which may include performance feedback and career development.
• Spend a proportion of your time on people-focused tasks including recruitment, leave management, performance reviews, training and development.
• Mentor product team members from other disciplines about data and security awareness of compliance concerns as a key consideration of product development.

Success looks like

• All changes to Xero’s product and corporate infrastructure are in compliance with the IT Security Policy and standards and meet Xero’s compliance obligations.
• Security assessments are completed and documented for all new third party software and technology services prior to them being used by Xero.
• Audits and other compliance assessment activities are completed successfully, and compliance is maintained with required standards.
• Business Continuity Plans are developed, maintained and tested to an agreed schedule.
• Security policy and standards are maintained to address current risks and compliance requirements.
• Your team is working collaboratively together to ensure agreed objectives are met for operational performance and continue to improve the way the service is operated and monitored.
• High performing, highly engaged staff.

Critical Competencies

• Able to lead and mentor a diverse and geographically dispersed team to meet organisational goals.
• Takes a business focused and pragmatic approach to data and security compliance.
• Ability to lead and work as part of a team and able to take pride and ownership in their work.
• Has initiative and a passion for all things security and a willingness to go the extra mile.
• Excellent stakeholder management.
• Able to effectively communicate to a wide range of people.
• Creates an environment in which the team will thrive and excel.
• Creates a collaborative environment and empowers others.
• An innovative and positive team player with a “can do” attitude.
• Is someone people like working for and who acknowledges and rewards excellence.
• Fast learner, detail oriented, decisive, and enjoys fast paced work environments.

Experience

• 5+ years in a role in an information security and Compliance management practice.
• 5+ years in a role in a Data Compliance management practice.
• Experience implementing risk management and information management security frameworks.
• Proven experience in developing and maintaining a highly motivated team of individuals.
• Been recognised as a technical lead or the senior contributor in your team.

What we value 
We Make it Xero
We make it beautifulWe make it happenWe make it humanWe make it together