GRC Specialist (Security)

Airwallex is the only unified payments and financial platform for global businesses. Powered by our unique combination of proprietary infrastructure and software, we empower over 150,000 businesses worldwide – including Brex, Rippling, Navan, Qantas, SHEIN and many more – with fully integrated solutions to manage everything from business accounts, payments, spend management and treasury, to embedded finance at a global scale.

Proudly founded in Melbourne, we have a team of over 1,700 of the brightest and most innovative people in tech across 26 offices around the globe. Valued at US$6.2 billion and backed by world-leading investors including Visa, Airtree, Blackbird, Sequoia, DST Global, Greenoaks, Salesforce Ventures, Lone Pine, and Square Peg, Airwallex is leading the charge in building the global payments and financial platform of the future. If you’re ready to do the most ambitious work of your career, join us.

As an INFOSEC Governance Risk and Compliance Specialist here at Airwallex, you will be a trusted member of the Information Security team. Reporting to the INFOSEC GRC Manager, this role will see you becoming a critical part of Airwallex’s global mission, helping to proactively identify and mitigate information security risks to the organisation, as well as designing and implementing policies and procedures that are innovative, challenging the traditional norms of the industry.

You’ll work closely with Legal, Engineering, and senior leadership regarding international regulatory compliance, data privacy and other aspects of risk and data governance.

The INFOSEC GRC and Engineering teams work closely together and often collaborate directly, so engineering experience of any kind will serve you well, and this role would be best suited for someone with a software development or IT engineering background, who has moved into the world of information security compliance.

This is a dynamic and autonomous role. It requires independent thinking, with experience in project management and robust design, but without being tied up in traditional solutions and methodologies. An ideal candidate will see compliance as a challenge to iterate on, rather than a box to be checked. 

What You'll Be Doing

• Manage the body of security controls and documentation, executing them to a high standard while refining and iterating.

• Implement automation and monitoring information security controls, exceptions, risks, and testing 

• Implement an innovative security risk program that aligns to regulatory requirements, ensuring documented and sustainable risk management.

• Develop and maintain security standards and policies, reporting metrics, dashboards, and evidence artefacts to support both internal and external stakeholders

• Develop resources to help non-technical employees understand information security and compliance requirements.

• Partner with other Airwallex teams to build collaboration, and establish shared responsibilities and resources for security, data protection and governance, risk management, and privacy.

What You'll Bring

• Deep knowledge of relevant compliance, regulatory and control frameworks including PCI-DSS, ISO 27001, SOC2 and similar standards. You should have been involved in at least one completed security audit, and be intimately familiar with their flow.

• Working knowledge of technology policy creation and maintenance, especially in the context of security. Some experience with tuning policies to meet complex regulatory requirements.

• A strong familiarity with Information Security concepts, practices, and solutions; you might have a technical background yourself, or just have spent a lot of time working closely with engineering teams. Regardless, tech doesn’t scare you and you can speak the language fluently.

• A working understanding of complex cloud environments and the way they impact modern security and compliance operations.

• An understanding of financial services or payments, especially prior work experience with the fintech industry.

• A passion for solving the complex challenges of high-growth startups, and for thinking creatively about ‘solved’ problems.

• An industry-leading security degree or certification is highly desired. Examples include a BS or MS in Cybersecurity; or a CISSP, CEH, CISA, etc.

Airwallex is proud to be an equal opportunity employer. We value diversity and anyone seeking employment at Airwallex is considered based on merit, qualifications, competence and talent. We don’t regard color, religion, race, national origin, sexual orientation, ancestry, citizenship, sex, marital or family status, disability, gender, or any other legally protected status when making our hiring decisions. If you have a disability or special need that requires accommodation, please let us know.

Airwallex does not accept unsolicited resumes from search firms/recruiters.  Airwallex will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s).  Search firms/recruiters submitting resumes to Airwallex on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

Compensation Range: $150K - $200K