Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

At Xero, we have a vision to be one of the Security leaders in our industry, continuously improving our security posture to mitigate foreseeable cybersecurity risks for Xero. We’re committed to the security of our customers’ data and provide multiple layers of protection for the personal and financial information of our customers. The Security Architecture team plays an important role by taking a holistic view of Xero’s technical stacks, bridging an understanding of business needs with security objectives, and informing how Xero’s security architecture can be designed to respond to the ever-changing security and regulatory landscape. As a member of our Security Architecture team, you will be working with stakeholders across Xero to ensure our product and platform stacks have the right controls and tooling implemented in the right way, to appropriately identify and mitigate security events at global scale.

In this role you will:

• have the opportunity to apply and grow your security experience in an exciting globally scalable SaaS environment

• have a wide impact and be exposed to all aspects of our business as you work on initiatives across customer facing products and our internal focused solutions.

• be part of a global team that supports your professional development.

The Security Architecture team supports our technology and product architects, engineers, and security specialists by providing architectural clarity to the current state security composition of our technical stacks, as well informing how this architecture might be improved to:

• mitigate risk from current and emerging threats

• meet the needs of a changing compliance landscape

• align Xero to meet strategic, business and operational objectives now and in the future. 

• assist with conducting post-incident reviews and remediation planning

• help develop and implement policies and procedures for security networks and systems (in conjunction with the product and engineering teams)

As a Security Architect at Xero you will work with a broad cross-section of stakeholders daily, to understand how our current-state security architecture serves to meet our security and regulatory objectives and to provide insight, guidance and direction as to how this architecture may be improved. You will leverage your experience implementing modern security architectures, tools and practices to articulate (in verbal and written form) and simplify highly technical security concepts into compliant, composable, and scalable solutions. 

• Excellent communication skills and the ability to simplify and articulate highly technical security concepts to a broad cross-section of stakeholders

• Good stakeholder management and relationship building skills

• The ability to lead through trust and influence broadly across a variety product, platform and security teams

• Business analysis skills and associated problem-solving, and critical thinking skills

• An innovative and positive team player with a ‘can do’ attitude

• Good time management and prioritisation skills

• Demonstrable experience cultivating a culture of security awareness 

• Demonstrated experience in designing and evolving modern security architectures as well as implementing tools and practices to support the architecture. 

• Up-to-date knowledge of methodologies and trends in information security risk management, application security and cybersecurity in general, including experience with securing cloud platforms and delivering secure coding solutions. 

• A good knowledge of common information security management frameworks, for example ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework

• Security qualifications such as SABSA, CISSP or similar would be desirable but not essential

• Familiarity with data privacy and compliance requirements

• Demonstrated experience conceptualising and implementing large-scale web/mobile based services, event driven and/or REST based systems, and managing data at scale.

• In-depth knowledge of cloud providers, ideally AWS but also GCP or Azure

• Working knowledge of agile software development methodologies

Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, free medical insurance, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.