GRC Consultant (Remote, AUS/NZ)


This is a hybrid role if you are located in Sydney OR this can be a remote role if you are located outside of our Sydney Hub.

We’re a passionate team of brilliant achievers, and together we’re using technology to take the small business finance industry next level. Our mission is to keep small businesses moving – with smart cash flow solutions right when they need them. Supporting them through ups and downs. Making their lives easier. Helping them Prosper.

The role

Security at Prospa is about working towards a robust and effective security function to protect Prospa and its customers whilst enabling the business to grow.

As a Security Governance Consultant, you will focus on ensuring Prospa’s security governance practices and processes are maintained and operating effectively. This includes the ownership and management of our ISO27001 Information Security Management System (ISMS). You will also be responsible for driving our vendor security program and running our security awareness program.

What you will be doing

  • Owning and maintaining the ISO27001 Information Security Management System (ISMS), including maintenance of policy documents and coordinating audit activities and annual certification.
  • Tracking and maintaining the ISMS risk register, including associated risk treatment plans, identifying, and capturing new risks, and ensuring this is tracked appropriately in our GRC (Governance Risk and Compliance) system.
  • Managing Prospa’s vendor cyber risk assessment program to ensure third-party vendors meet our security expectations.
  • Ownership of the cyber security awareness program, including mandatory training programs, phishing simulations, and targeted security training for specialised teams to drive education of staff on security risks.
  • Developing, sourcing, and reporting on key security metrics to senior leadership and the executive.
  • Working closely with the General Counsel and Compliance Manager to assist with enterprise-wide compliance and risk management initiatives.
  • Contributing to various security projects as part of the cyber security roadmap.

What you’ll need to succeed

  • Relevant experience in security, preferably in a security governance or consulting role with practical experience working on security audits and risk management programs.
  • Experience in working with various stakeholders to advise on security controls and requirements. Good understanding of information security best practice standards and guidelines (e.g. ISO27001, NIST, PCI-DSS, ASD8, OWASP, CIS), the Australian Privacy Principles and APRA CPS 234.
  • Strong written and verbal communication skills and the confidence to liaise with senior stakeholders.
  • Relevant security qualifications and professional certifications (CISA, CRISC, ISO27001 Lead Auditor, etc.) are highly regarded but not required.
  • Hands-on implementation and management of technical controls is highly valued.

What we offer

  • Work with the latest technologies in the market
  • Study allowance and paid learning days
  • Join a team of passionate, diverse and talented Engineers
  • Career development opportunities
  • Flexibility (remote work on offer)
  • Highly competitive incentive scheme
  • Volunteer leave & paid parental leave
  • Team and company wide social events
  • A chance to be a part of one of Australia’s fastest scaling tech organisations

Why Prospa?

We embrace diversity in our people and our thinking and provide a collaborative, inclusive, innovative and respectful environment. We celebrate who you are and actively provide our employees the same great experience we provide our customers.

It’s super exciting every day. Always moving. Always something new around the corner. And we’ve only just cracked the surface.

Open the door. Feel the buzz. Want in?