InfoSec Governance Risk and Compliance Lead

1 hour, 23 minutes ago
Full-time
Senior
Cybersecurity
UpGuard

UpGuard is a cybersecurity ratings platform based in Sydney, Australia, specializing in third-party risk management and attack surface monitoring to prevent data breaches and enhance IT security.

Professional Services
51-250
Founded 2012
$47M raised

Description

  • Lead the development, maturity, and execution of UpGuard’s InfoSec Governance, Risk, and Compliance function with primary ownership of technology and cybersecurity risk.
  • Partner with procurement, legal, and business stakeholders to embed security reviews into the purchasing lifecycle and lead third-party risk management evaluations for vendors.
  • Review security exhibits, Data Processing Agreements, and security questionnaires during procurement negotiations.
  • Partner with the CISO on enterprise and operational risk matters to support a unified risk management approach.
  • Architect, maintain, improve, and report on the technology and security components of the risk management process.
  • Own the technology and security control components of the annual SOC 2 Type II audit cycle and coordinate remediations from prior audits, post-mortems, and internal assessments.
  • Work cross-functionally with Product to develop public-facing trust documentation and identify control gaps in the product development life cycle.
  • Draft, implement, and maintain information security policies, standards, processes, and guidelines.
  • Design and deliver company-wide security awareness and compliance training programs using MindTickle.
  • Support the scaling of GRC and vendor security processes alongside UpGuard’s growth.

Requirements

  • 4+ years of dedicated experience in Information Security, IT Audit, or GRC within a technical, cloud-based environment.
  • Deep familiarity with modern technology risk management frameworks, GRC platforms, and third-party risk management tools.
  • Experience partnering with procurement, legal, and privacy teams across regions, including GDPR/CCPA and anti-corruption considerations.
  • Ability to translate complex technical risks into clear business impacts for stakeholders, customers, and vendors.
  • Ability to work independently, take initiative, manage details, and balance execution with long-term strategy.
  • Strong problem-solving ability and comfort navigating ambiguity and legal/business risk trade-offs.
  • High ethical standards, meticulous attention to detail, and a team-first mindset.
  • 6+ years of experience, including at least 2 years in a dedicated lead or senior-level role within a fast-growing B2B SaaS environment (preferred).
  • Experience leading complex, multi-stakeholder security audits from scratch, especially SOC 2 Type II, ISO 27001, or NIST frameworks (preferred).
  • Professional certifications such as CISA, CRISC, CISM, or CISSP (preferred).

Benefits

  • Monthly lifestyle subsidy for financial, physical, and mental well-being.
  • WFH setup allowance within the first 3 months.
  • $1,500 USD annual learning and development allowance.
  • Annual leave plus two additional UpGuardian leave days.
  • 18 weeks of paid parental leave for all parenting roles.
  • Personal leave allowance, including sick and carer’s leave.
  • Fully remote working environment with no compulsory office attendance.
  • Top-spec laptop and paid subscriptions to generative AI tools.
