Information Security Officer
A Little About Us
Enboarder is on a mission to build better human connections across the employee journey. Our Human Connection Platform® cuts through the noise of daily communications and elevates what matters most. From onboarding to learning, performance management, career growth, and organizational change, we help companies nurture cultures of connection and belonging where every moment matters — and every human feels seen, supported, and included.
What’s Enboarder like?
We’re a SaaS tech company that got our start in Australia in 2015. We’ve grown from a small team operating out of Sydney to distributed teams across APAC, EMEA, the U.S., and India! You’ll find the expected perks like pets at the office, remote working options, equity, competitive compensation, paid parental leave, and flexible schedules. But you’ll also find that our business impact goes beyond the work we do for our clients and is just as global as our team.
Some things we can offer you:
- Competitive compensation and performance-based bonus structure
- Flexible working schedule
- A chance to shape employee engagement and employee experience best practices across the globe
- Catered lunch once a week in every office around the globe
- Company recharge days
We are seeking an experienced and dedicated Information Security Officer (ISO) to join our team. The ISO will be responsible for establishing and maintaining the enterprise-wide information security management program to ensure that information assets are adequately protected. The ideal candidate will possess strong technical knowledge, exceptional communication skills, and a proactive approach to identifying and mitigating security risks.
Develop and Implement Security Policies: Design, implement, and enforce security policies, standards, and procedures to safeguard the organisation's information assets.
Risk Management: Conduct regular risk assessments and develop strategies to mitigate potential threats or vulnerabilities. Monitor and analyse security incidents to identify trends and potential weaknesses.
Security Awareness Training: Develop and deliver training programs to educate employees about security policies, procedures, and best practices.
Incident Response and Investigation: Lead incident response activities, conduct investigations, and coordinate with relevant teams to resolve security incidents promptly.
Compliance and Auditing: Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001). Conduct periodic audits to assess compliance and address any gaps identified.
Vendor Management: Assess and manage security risks associated with third-party vendors and service providers.
Security Governance: Collaborate with stakeholders to develop and maintain an effective security governance framework aligned with business objectives.
Audit Coordination: Collaborate with internal and external auditors to facilitate audits, address audit findings, and implement corrective actions as necessary.
Security Questionnaire Management: Complete security questionnaires from clients, partners, and other stakeholders. Ensure timely and accurate responses to inquiries related to our information security posture, policies, procedures, and controls.
Penetration Testing Coordination: Plan, coordinate, and oversee penetration testing activities conducted by internal or external teams. Define the scope, objectives, and methodologies for penetration tests across various systems and environments.
Vulnerability Assessment and Remediation: Collaborate with teams to identify vulnerabilities uncovered during penetration tests. Work closely with the Engineering and DevOps team to prioritise remediation efforts and ensure timely mitigation of identified security weaknesses.
Disaster Recovery Planning and Execution: Develop, maintain, and regularly update disaster recovery plans and procedures. Coordinate and lead comprehensive DR exercises to test the effectiveness of these plans, including scenarios simulating cyber attacks, natural disasters, or system failures.
Documentation and Reporting: Document findings, recommendations, and action plans resulting from penetration tests, audits, and DR exercises. Produce comprehensive reports outlining vulnerabilities, their potential impact, and recommended remediation strategies.
Bachelor’s degree in Information Security, Computer Science, or related field (advanced degree preferred).
Professional certifications such as CRISC, CISM, or CISA.
Proven experience of 3 to 5 years in information security management roles.
In-depth knowledge of security frameworks, such as NIST, ISO 27001, or SOC 2 controls.
Strong understanding of networking, encryption, authentication, and cloud security principles.
Excellent communication skills with the ability to convey complex security concepts to non-technical stakeholders.
Analytical mindset with the ability to assess risks and develop effective strategies to mitigate them.
Interested in Joining the Team?
Great, apply now! Someone from our team will reach out to you about the next steps.
The Enboarder team is made up of people who excel in a wide variety of disciplines. Each member of our team brings their unique perspective and passions to everything we do. We encourage you to apply even if you don’t feel that you meet every single requirement. We’re eager to meet people that believe in our mission and can contribute to our team in a variety of ways—not just candidates who check all the boxes. We want our employees to feel comfortable expressing their true selves and to come, stay, and do their best work with us. We hope you’re feeling excited about the opportunity to join our team!
Creating a safe and inclusive workplace is critical to the success of Enboarder and of our employees. It’s our aim to recruit, hire, and promote without bias against race, color, religion, sex, sexual orientation, gender identity, marital status, veteran status, or any other status protected by applicable law. As we learn and grow we’re committed to ensuring that these ideals are at the forefront of everything we do. All information collected during our application and interview process will be stored in accordance with the Privacy Act 1988 and Australian Privacy Principles.