Infosec Specialist

About InDebted
InDebted provides future-thinking organisations with products and solutions to support overdue consumers through debt. Backed by technology with a human touch, we use machine learning and AI to personalise the collections journey and champion positive customer experiences — all so we can change the world of consumer debt for good.
Founded in Australia, today we're a team of over 300 people living and working around the world. We're rapidly expanding throughout North America, the United Kingdom, Europe, Latin America and the Middle East. We’re a $50m revenue (and growing) organisation, having recently completed our Series C funding round, backed by leading investors such as Airtree. Now is an exciting time to join the team as we continue to make the experience of debt resolution smoother, and more human.
Role OverviewWe are seeking a highly skilled and experienced Information Security Specialist who will be responsible for ensuring the protection of the organisation's data and integrity. This role involves assisting with audits, 3rd party vendor management, developing security strategies, and monitoring systems for potential breaches.
The specialist will report to the Infosec Manager and collaborate with IT teams to enforce security protocols, conduct risk assessments, respond to incidents, and stay updated on the latest cybersecurity trends and technologies. We are looking for someone that has strong analytical skills, attention to detail, and knowledge of security standards and best practices are essential for success in this position.

Duties and Responsibilities:

• 3rd Party Vendor management:
• Assess and evaluate third-party vendors' security practices and compliance with organizational standards.
• Perform risk assessments on vendors and ensure they meet required cybersecurity standards.
• Collaborate with procurement and legal teams to include security requirements in vendor contracts.
• Regularly review and evaluate current vendors
• Maintain a centralized database of all vendor security assessments and risk profiles.
• Audit Assistance:
• Support internal and external audits by gathering and organizing relevant security documentation.
• Ensure compliance with industry standards, regulations, and internal policies during audits (e.g., ISO 27001, NIST, GDPR).
• Identify and address gaps in security controls or processes highlighted during audit findings.
• Engaging with stakeholders for relevant audit information.
• Monitoring Systems:
• Monitor security systems, networks, and applications for potential threats or breaches.
• Coordinate with IT teams to troubleshoot and resolve security-related issues.
• General Information Security Responsibilities:
• Assist in developing and updating security policies, procedures, and guidelines.
• Collaborate with cross-functional teams to ensure alignment with security protocols.
• Provide training and guidance to staff on vendor management, audit preparation, and security best practices.
• Contribute to the continuous improvement of the organization's information security posture.

Must Have:

• Knowledgeable on IT Risk Assessment, Privacy Risk and Data Privacy Compliance to establish controls.
• Minimum 3 to 5 years’ experience in Internal and External Audit
• Excellent communication and presentation skills (speaking, reading & writing)
• Must be proficient in MS Office Applications and Google Suite
• Must have the ability to work as a team member and independently
• Can work within the set timelines and strict timeframes.

Nice to Have:

• Knowledgeable on the GDPR and international Privacy Laws
• Data Privacy Certification would be a plus
• Must have 3 to 5 years experience in assessing Information Security Risk and Privacy Risks anchored on the Information Security Management System (ISO 27001), Quality Management System (ISO 9001) and Privacy Information Management System (ISO 27701).
• PCI and SOC 2 experience.

After 12 months in the role, you would have achieved the following:

• Enhanced the organization's overall cybersecurity framework through effective risk management, vendor assessments, and implementation of security controls.
• Supported internal and external audits with minimal findings, ensuring compliance with industry standards and closing any identified security gaps promptly.
• Implemented or optimized monitoring systems that effectively detect and respond to potential security incidents, reducing the frequency and impact of breaches.
• Developed and executed a comprehensive security strategy aligned with organizational goals, driving measurable improvements in data protection and risk reduction.
• Fostered stronger cross-departmental collaboration on security initiatives and increased awareness of cybersecurity best practices across the organization.

Our benefits
Adaptive working - We’re a remote first team, with office hubs in Australia, the United Kingdom and the United States - with hybrid options determined at team level to foster collaboration and flexibilityFlexible schedules - As a global team working across timezones, we offer flexible working schedules to ensure you’re able to balance work and lifeFlexible paid leave - Our trust-based leave model isn’t capped by standard entitlements. This means you can choose how much leave you take and when you take it, while balancing business needsRemote work set-up - Budget of AUD $750 (or local equivalent) to help you create a working environment that supports your productivityWork from anywhere scheme - Work from anywhere on a short-term basis (overseas or otherwise away from your usual place of work) for a maximum period of 4 months, so long as there is a reasonable overlap (4-hours) with your team and/or leader in your home countryGender neutral parental leave - Our global offering for all new parents includes 16 weeks paid leave
Our benefits packages vary depending on region and role requirements. Our talent acquisition team will be able to share more during the recruitment process.
At InDebted, we respect and celebrate the unique attributes, characteristics, and perspectives that make each person who they are. We also believe that bringing diverse individuals together allows us to build better products and a better overall company. InDebted is an Equal Opportunity Employer.