Security Risk and Compliance Specialist

2 days ago


Singapore Xero Full time

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

**About the role**

The Security Risk and Compliance Specialist will bring their experience to a team working with all parts of the business to improve Xero’s security risk and compliance posture, to reduce the risk of security incidents and improve the efficiency and effectiveness of Xero’s security controls.

**What you'll do**:
- Support contributors across Xero in conducting risk assessments to identify potential security threats and vulnerabilities, and evaluate security risks across all areas of Xero’s business, including product and technology, and third party software and services, to ensure these are well understood and managed within Xero’s risk tolerance.
- Ensure security compliance obligations with applicable laws, regulations and standards such as ISO 27001, SOC 2, PCI-DSS or other international or regional frameworks, are understood and met across Xero.
- Support product teams in performing threat modeling of new/updated product features.
- Perform risk assessments for Ecosystem partners and third party suppliers, ensuring that security risks are assessed and understood prior to, and during the engagement with the third party.
- Using the security risk management framework, ensure risks are documented, quantified, owned, communicated and escalated as appropriate across Xero.
- Provide input to responses to customer and supplier security assessments.
- Monitor and assess emerging security threats that could affect Xero, and propose strategies to mitigate them.
- Support process improvement and automation using technical skills and experience.
- Foster cross-disciplinary understanding of security risk and compliance and raise awareness of risk

**What success looks like**:
- Changes to Xero’s product and corporate infrastructure are in compliance with the IT Security Policy and standards and meet Xero’s compliance obligations.
- Risks are identified and managed according to Xero’s risk appetite, in a timely manner and in alignment with business objectives.
- Security assessments are completed and documented for all new third party software and technology services.
- Audits and other compliance assessment activities are completed successfully, and compliance is maintained with required standards.
- Management has timely and appropriate visibility of Xero’s security risk status.

**What you'll bring**:
- 3+ years in a role in an information security and risk management practice
- Experience with ISO27001:2022, SOC 2 Type 2 or PCI-DSS compliance frameworks
- Recognised as a high performer and leading contributor in your team.
- Experience working with AI and data to drive automation.

**Why Xero?**

Offering very generous paid leave to use however you’d like (plus statutory holidays), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, life insurance, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices with weekly fitness and yoga classes, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.

Our collaborative and inclusive culture is one we’re immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to better understand and serve customers, attract top talent and innovate successfully. So, from the moment you step through our doors, you’ll feel welcome and supported to do the best work of your life. At Xero we embrace diversity and inclusion and value a #challenge mindset.



  • Singapore beBeeCompliance Full time $80,000 - $120,000

    GRC Governance, Risk and Compliance SpecialistJob Description: Develop, implement, and maintain security policies, procedures, and standards in line with industry best practices (ISO 27001, NIST, CIS, etc.). Ensure compliance with regulatory requirements (MAS TRMG, CCoP). Assist in internal audits and security assessments to identify gaps and...


  • Singapore NEUROGLEE THERAPEUTICS PTE. LTD. Full time

    Neuroglee is growing rapidly and requires a Security Compliance Specialist. The Security Compliance Specialist will be responsible for developing and producing security and compliance procedures/processes/reporting that are meaningful and actionable for Neuroglee’s technology and operation team, and He/she will also take care of submitting audit and...

  • Ascc Security Manager

    2 weeks ago


    Singapore SECURITY & RISK SOLUTIONS PTE. LTD. Full time

    **ROLES AND RESPONSIBILITIES**: **The main responsibility of the APAC Security Manager is to Support the APAC Security Account Manager with all Security related duties. Oversee the operation, management, training, appraisal, motivation and administration of the APAC Security Control Centre (SCC) and TWDC Security Team. Act as a main point of contact between...


  • Singapore AvePoint Full time

    Governance, Risk and Compliance Specialist About AvePoint Securing the Future. AvePoint is a global leader in data management and data governance, and over 21,000 customers worldwide rely on our solutions to modernize the digital workplace across Microsoft, Google, Salesforce and other collaboration environments. AvePoint's global channel partner program...


  • Singapore AvePoint Full time

    Governance, Risk and Compliance Specialist About AvePoint Securing the Future. AvePoint is a global leader in data management and data governance, and over 21,000 customers worldwide rely on our solutions to modernize the digital workplace across Microsoft, Google, Salesforce and other collaboration environments. AvePoint’s global channel partner program...


  • Singapore ABB Full time

    IS Risk and Compliance Specialist At ABB, we are dedicated to addressing global challenges. Our core values: care, courage, curiosity, and collaboration - combined with a focus on diversity, inclusion, and equal opportunities - are key drivers in our aim to empower everyone to create sustainable solutions. Write the next chapter of your ABB story. Position...


  • Singapore beBeeSecurity Full time $80,000 - $120,000

    Job Title: Risk Management Security Specialist">We are seeking a highly skilled Risk Management Security Specialist to oversee the Third-Party Security Risk Management domain. The ideal candidate will provide consultation and professional advice on information security and key technology risk matters.">About the RoleThis role aims to foster a strong...

  • Operation Executive

    2 days ago


    Singapore SECURITY & RISK SOLUTIONS PTE. LTD. Full time

    **Operations Executive (Security Industry)**: - Join a growing team where your leadership and expertise make a real difference on the ground.We're looking for a hands-on, reliable Operations Executive to oversee and support our daily security operations across assigned contract sites. This role is ideal for someone who takes ownership, stays calm under...


  • Singapore SECURITY & RISK SOLUTIONS PTE. LTD. Full time

    **Summary of the Role** **Roles and Responsibilities**: Relationship Management: - Report directly to the ASCC Manager and work in a team of other Supervisors and Specialists. - Collaborate with the APAC Global Security team’s Regional Security Heads and other key business partners. - Serve as a liaison between APAC Security and Security Design and...


  • Singapore beBeeCompliance Full time $90,000 - $120,000

    About the Role:We are seeking a highly skilled Cyber Security Specialist to join our team. The ideal candidate will have expertise in risk management, compliance, and security solutions. They will be responsible for providing expert advice and implementation of robust cyber security solutions in our product and projects.Key Responsibilities:The successful...