InfoSec Governance Risk and Compliance Lead

Australia·MelbourneRemoteFull-timelead

OtherCompliance Lead

0 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

Drive the development, maturity, and execution of UpGuard’s InfoSec Governance, Risk, and Compliance function, with primary ownership over technology and cybersecurity risk.

Technical Tools

OtherCompliance Lead

Who are we?

At UpGuard, we are replacing manual security bottlenecks with AI-driven precision. Fresh off a US$75M Series C, we are scaling our infrastructure to process 100 billion risk signals daily. This isn’t just growth; it’s a total reimagining of how the world manages cyber risk.

We build the Cyber Risk Posture Management (CRPM) platform that security teams actually love. By integrating security ratings, threat intel, and agentic AI, we empower organisations to stay ahead of an ever evolving attack surface.

We aren’t just building another tool; we’re defining a category. We provide the autonomy to ship world-class technology and the resources to do it at a global scale.

Our Operations function consists of the IT, Legal, People, Finance and Analytics teams. We are here to be a key enabler to our other teams at UpGuard. Efficiency, scale and rich insights are some of the key contributions that this team brings to the table. We look to the future and solve really interesting challenges that will unlock Upguard’s ability to grow sustainably and efficiently through optimised systems and processes.

As UpGuard continues to rapidly expand, we're looking for a seasoned InfoSec Governance Risk and Compliance Lead to spearhead our information security risk and compliance initiatives. Reporting directly to the CISO, you will own the strategy and execution of our cybersecurity compliance programs, lead cross-functional risk management efforts, and ensure our systems and processes align with world-class security standards. Additionally, you will play a critical role in supporting our procurement and vendor management pipelines, ensuring all third-party relationships meet our stringent security and compliance requirements.

Lead GRC Strategy: Drive the development, maturity, and execution of UpGuard’s InfoSec Governance, Risk, and Compliance function, with primary ownership over technology and cybersecurity risk.

Optimize Procurement & Vendor Security: Partner closely with procurement, legal, and business stakeholders to embed security reviews into the purchasing lifecycle. Lead Third-Party Risk Management (TPRM) evaluations for new and existing vendors.

Contract & Legal Support: Review security exhibits, Data Processing Agreements, and security questionnaires during procurement negotiations to safeguard UpGuard and its customers.

Enterprise Collaboration: Partner with the CISO to contribute expert analysis on broader enterprise and operational risk matters, ensuring a unified approach to risk management.

Own the Risk Management Process: Architect and run the technology and security components of the Risk Management process. You will maintain, continually improve, and deliver executive-ready reporting on trends, vulnerabilities, and strategic insights.

Champion SOC 2 & Security Compliance: Formally own the technology and security control components of UpGuard’s annual SOC 2 Type II audit cycle. Design, manage, and coordinate remediations and improvements stemming from prior cycles, incident post-mortems, and internal assessments.

Build Trust & Product Alignment: Work cross-functionally with the Product team to develop public-facing trust documentation, while identifying security control gaps and improvement opportunities within the Product Development Life Cycle (PDLC).

Policy Governance: Draft, implement, and maintain a robust framework of InfoSec policies, standards, processes, and guidelines tailored to an evolving threat landscape.

Security Culture: Design and implement comprehensive, company-wide security awareness and compliance training programs utilizing the MindTickle platform.

Core Experience: 4+ years of dedicated experience in Information Security, IT Audit, or GRC within a technical, cloud-based landscape.

Risk & GRC Tooling Expertise: Deep familiarity and hands-on experience with modern technology risk management frameworks, GRC platforms, and Third-Party Risk Management (TPRM) tools.

Procurement & Legal Acumen: Experience partnering with procurement, legal, and privacy teams across diverse geographic areas (e.g., GDPR/CCPA, anti-corruption) to review vendor contracts, technical agreements, and security exhibits.

Strategic Communication: A clear, collaborative communicator capable of translating complex technical risks into clear business impacts for stakeholders, customers, and vendors.

Autonomy & Ownership: The ability to work independently, take swift initiative, and manage the fine details while never losing sight of long-term strategic goals.

Problem-Solving Mindset: A skillful issue-spotter and adaptive learner who can confidently navigate ambiguity and evaluate legal/business risk trade-offs.

Collaborative Nature: High ethical standards, meticulous attention to detail, a team-first attitude, and a dual passion for teaching and learning.

Advanced Experience: 6+ years of experience, including at least 2 years in a dedicated lead or senior-level capacity within a fast-growing B2B SaaS environment.

Audit Mastery: A proven track record of successfully owning and leading complex, multi-stakeholder security audits from scratch (specifically SOC 2 Type II, ISO 27001, or NIST frameworks).

Industry Certifications: Relevant professional certifications such as CISA, CRISC, CISM, or CISSP.

Scalability Mindset: Demonstrated experience scaling a GRC and vendor security function alongside a rapidly expanding global startup.

Monthly Lifestyle subsidy: Use this for financial, physical, and mental well-being

WFH set-up allowance: To ensure you have the right environment to work in, we will help you get set up within your first 3 months at UpGuard

$1500 USD annual Learning & Development allowance: To support your career development, all team members will be able to expense development opportunities against this allowance

Annual leave: PTO plus two additional UpGuardian leave days to give you time to recharge your batteries.

18 weeks paid Parental Leave: Irrespective of parenting role

Personal Leave Allowance: This includes sick & carer’s leave

Fully remote working environment: While we have physical offices in Sydney & Hobart, we do not mandate compulsory attendance

Top-spec hardware: All team members will be provided with top-spec laptops for their role

Generative AI subsidy: UpGuard provides paid subscriptions for all team members to access generative AI tools to support their work

#LI-BW1

UpGuard is a Certified Great Place to Work® in the US, Australia, UK and India, establishing its position as a leading global technology employer. 99% of team members agree that UpGuard is a great place to work, apply now to find out why!

As an Equal Employment Opportunity and Affirmative Action Employer, qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

For applications to positions in the United States, please note, at this time we can only support hiring in the following US states: CA, MD, MA, IL, OR, WA, CO, TX, FL, PA, LA, MO, or DC.

Before starting work with us, you will need to undertake a national police history check and reference checks. Also please note that at this time, we cannot support candidates requiring visa sponsorship or relocation.