Information Security Governance, Risk and Compliance Manager
Xinja is building the first independent, 100% digital Australian bank, designed entirely for mobile. We are building a bank with our customers, designed in their interests. Neobanking will disrupt the existing banking model and create a whole new generation of experiences.
Developing the first neobank in the country is an exciting and challenging task. Our ethos is based on a win-win with our customers; if they do well, so do we. We believe it’s time Australians had access to the kind of technology that just allows them to get a lot more out of their money, with less angst.
We extend that attitude to our people and our partners. We look after our staff, and trust them with significant responsibility, but support them well. This is a great opportunity to be part of building a great company, and a fabulous brand.
Our 10 golden rules
To be successful at Xinja you are going to need to be happy working with our 10 golden rules:
No dickheads… however good they may be. No dress code. No power trips because of a hierarchy. Intellect and implementation are all that matter.
Everything is in the cloud.
We use real time data to evaluate our business and we reward staff on a quarterly basis with an entirely discretionary bonus. No one gets a bonus if our investors aren’t making money and our customers aren’t happy.
We are here to make money, that’s why we exist, and we don’t screw people over to do it. We don’t lie to our clients in person or in marketing. We don’t engage in immoral lending; if our grandmother would think it was wrong, then it is. We aim to make lots of money ethically and we are proud of it.
No one is entitled to work at Xinja. It is a huge honour to represent people’s hopes of a new bank and we earn that honour every day.
We look after our people bloody well. We stand by them if they are in genuine need.
We are truthful and direct with each other. Everyone says what they think in a robust, challenging, edgy environment. That means we won’t be the right place for everyone to work, and that’s ok.
We only hire people better than us. We never, ever settle because we need a body. We do psychometric testing to get the best people, every time.
About half our team, executive and board will be female; if they aren’t, we aren’t recruiting the best people. We actively seek all types of diversity combined with brilliance.
If you discriminate against someone because of who they love/sleep with, you’re a dickhead… please see rule 1.
The Information Security Governance, Risk and Compliance (GRC) Manager will be responsible for assisting the CISO in building upon and improving Xinja’s Information Security Program.
This role is responsible for driving a consistent and proactive approach to supporting governance, risk management and controls activities across our technology function and into the wider business. As part of the Information Security management team and reporting to Xinja’s Chief Information Security Officer, you will be responsible for providing leadership and oversight to a team of consultants and analysts, as well as specialist input as required.
This will include supporting risk management and risk acceptance activities; maintenance and oversight of standards; maintenance and assurance of the IT controls framework; managing emerging technology risk within projects; supporting other assurance and audit activities relating to technology; and supporting reporting to governance working groups, forums and committees.
Manage information risk and security governance, focussing on raising standards and awareness, as well as providing assurance and monitoring compliance with policies and standards;
Manage, maintain and assure the information security control framework;
Establish and promote good practice for managing information technology and information security risk, providing support, advice and information where required;
Provide guidance, direction and reporting to senior management on a range of information technology and information security risk and control issues;
Support the change functions in the identification, management and assurance of emerging technology risks arising from projects and other change initiatives; and
Manage elements of monitoring, demonstrating appropriate management of risk and compliance with policy.
Lead by example by being a hands-on manager, and always be fair, open and honest;
Identify what needs to be done and choose the right people for the job;
Take an active lead in helping everyone to perform to their best and ensure Xinja’s success.
Requirements and Qualifications:
Significant experience of building and maintaining information security management governance standards (ISO27001, COBIT, ISF SOGP, SOX, ITIL etc.);
Significant experience of regulations and legislation associated with technology and information security;
Significant experience of information technology and information security within Financial Services in Australia;
Significant experience of risk management tools and methodologies;
Significant experience of 3rd party risk management (relating to technology and security risks);
Experience of project management principles, tools and methodologies;
Good knowledge of financial services regulatory and legislative frameworks;
Good knowledge of industry best practice, good networks/links with external bodies and individuals in the same field;
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
Degree in business or a technology-related field.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
Changing banking for good:
At Xinja, we believe in embedding the brand in every customer experience, and therefore marketing is core to what we do. Developing the best neobank in the country is an exciting and challenging task. Our ethos is based on a win-win with our customers; if they do well, so do we. We believe it’s time Australians had access to the kind of technology that just allows them to get a lot more out of their money, with less angst. We are for profit and for purpose.
We extend that attitude to our people and our partners. We have an inclusive and diverse culture where we look after our staff and trust them with significant responsibility but support them well. This is a great opportunity to be part of building a great company, and a fabulous brand, AND learn heaps along the way.