Information Security Governance, Risk and Compliance Manager

Xinja is building the first, Australian, independent 100% digital bank designed entirely for mobile

About Us
Xinja is building the first, Australian, independent 100% digital bank designed entirely for mobile. We are building a bank with our customers and designed in their interests. Neobanking will disrupt the existing banking model and create a whole new generation of experiences.

Developing the first neobank in the country is an exciting and challenging task. Our ethos is based on a win-win with our customers; if they do well, so do we. We believe it’s time Australians had access to the kind of technology that just allows them to get a lot more out of their money, with less angst.
We extend that attitude to our people and our partners. We look after our staff, and trust them with significant responsibility, but support them well. This is a great opportunity to be part of building a great company, and a fabulous brand.

The Role
The Information Security Governance, Risk and Compliance (GRC) manager will be responsible for assisting the CISO in building upon and improving Xinja’s Information Security Program. This role is responsible for driving a consistent and proactive approach to supporting governance, risk management and controls activities across our technology function and into the wider business. As part of the Information Security management team and reporting to Xinja’s Chief Information Security Officer, you will be responsible for providing leadership and oversight to a team of consultants and analysts, as well as specialist input as required. This will include supporting risk management and risk acceptance activities; maintenance and oversight of standards; maintenance and assurance of the IT controls framework; managing emerging technology risk within projects; supporting other assurance and audit activities relating to technology; and supporting reporting to governance working groups, forums and committees.

Responsibilities

  • Manage the information risk and security governance, focusing on raising standards and awareness, as well as providing assurance and monitoring compliance with policies and standards;
  • Manage, maintain and assure the information security control framework.
  • Establish and promote good practice for managing information technology and information security risk, providing support, advice and information where required;
  • Provide guidance, direction and reporting to senior management on a range of information technology and information security risk and control issues;
  • Support the change functions in the identification, management and assurance of emerging technology risks arising from projects and other change initiatives; and
  • Manage elements of monitoring, demonstrating appropriate management of risk and compliance with policy.
  • Lead by example by being a hands-on manager, and always be fair, open and honest;
  • Identify what needs to be done and choose the right people for the job;
  • Take an active lead in helping everyone to perform to their best and ensure Xinja’s success.

Requirements and Qualifications

  • Significant experience of building and maintaining information security management governance standards (ISO27001, COBIT, ISF SOGP, SOX, ITIL etc.).
  • Significant experience of regulations and legislation associated with technology and information security;
  • Significant experience of information technology and information security within Financial Services in Australia;
  • Significant experience of risk management tools and methodologies
  • Significant experience of 3rd party risk management (relating to technology and security risks)
  • Experience of project management principles, tools and methodologies
  • Good knowledge of financial services regulatory and legislative frameworks;
  • Good knowledge of industry best practice, good networks/links with external bodies and individuals in the same field;
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Degree in business or a technology-related field.
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

A new frontier:
At Xinja, we believe in embedding the brand in every customer experience, and therefore marketing is core to what we do. Developing the best neobank in the country is an exciting and challenging task. Our ethos is based on a win-win with our customers; if they do well, so do we. We believe it’s time Australians had access to the kind of technology that just allows them to get a lot more out of their money, with less angst. We are for profit and for purpose. We extend that attitude to our people and our partners. We have an inclusive and diverse culture where we look after our staff, and trust them with significant responsibility, but support them well. This is a great opportunity to be part of building a great company, and a fabulous brand, AND learn heaps along the way.