
InfoSec Governance Risk and Compliance Lead
Posted Jun 26
This is a fully remote position, open to applicants in Australia.
• Lead the advancement, maturity, and implementation of UpGuard’s Information Security Governance, Risk, and Compliance function, taking primary responsibility for technology and cybersecurity risks.
• Collaborate closely with procurement, legal, and business stakeholders to incorporate security assessments into the purchasing process. Oversee Third-Party Risk Management (TPRM) evaluations for both new and existing suppliers.
• Examine security exhibits, Data Processing Agreements, and security questionnaires during procurement negotiations to protect UpGuard and its clients.
• Work alongside the CISO to provide expert analysis on broader enterprise and operational risk issues, ensuring a cohesive risk management strategy.
• Design and manage the technology and security aspects of the Risk Management process, and maintain, improve, and present executive-ready reports on risk trends, vulnerabilities, and strategic insights.
• Formally oversee the technology and security control elements of UpGuard’s annual SOC 2 Type II audit cycle. Develop, manage, and coordinate remediations and enhancements arising from previous cycles, incident reviews, and internal assessments.
• Collaborate cross-functionally with the Product team to create public-facing trust documentation, while identifying security control gaps and opportunities for improvement within the Product Development Life Cycle (PDLC).
• Create, implement, and sustain a strong framework of InfoSec policies, standards, processes, and guidelines that adapt to an evolving threat landscape.
• Develop and execute comprehensive security awareness and compliance training programs across the company using the MindTickle platform.
• Over 4 years of focused experience in Information Security, IT Audit, or GRC within a technical, cloud-centric environment.
• Extensive knowledge and practical experience with modern technology risk management frameworks, GRC platforms, and Third-Party Risk Management (TPRM) tools.
• Proven experience collaborating with procurement, legal, and privacy teams across different geographical regions (e.g., GDPR/CCPA, anti-corruption) to assess vendor contracts, technical agreements, and security exhibits.
• A clear and collaborative communicator adept at translating complex technical risks into understandable business impacts for stakeholders, clients, and vendors.
• Ability to work autonomously, take prompt action, and manage intricate details while maintaining focus on long-term strategic objectives.
• A perceptive problem-solver and adaptable learner capable of navigating ambiguity and assessing legal/business risk trade-offs.
• High ethical standards, meticulous attention to detail, a team-oriented mindset, and a genuine passion for both teaching and learning.
• Monthly Lifestyle subsidy: Utilize this for your financial, physical, and mental well-being.
• WFH set-up allowance: To help create an optimal working environment, we will assist you in getting set up within your first 3 months at UpGuard.
• $1500 USD annual Learning & Development allowance: To promote your career growth, all team members can expense development opportunities against this allowance.
• Annual leave: PTO plus two additional UpGuardian leave days for you to recharge.
• 18 weeks of paid Parental Leave: Available to all parenting roles.
• Personal Leave Allowance: This encompasses sick and carer’s leave.
• Fully remote working environment: While we have physical offices in Sydney & Hobart, attendance is not compulsory.
• Top-spec hardware: All team members will receive high-performance laptops for their roles.
• Generative AI subsidy: UpGuard offers paid subscriptions for all team members to access generative AI tools to enhance their work.