Prospa is now open on Saturdays. Call our team between 10am & 4pm to discuss your loan.


Prospa is driven by its people. Their diversity, skills and passion are the foundation of what we deliver to our customers – where employees are dedicated to achieving stellar results and exceeding customer expectations. Our values: obsess about customers; deliver value fast; day 1; simplicity; be bold, open and real; and one team, inform how we think and act every day. We are also recognised as an AON Hewitt Best Employer in 2017 and 2018 FINNIES Best Fintech Place to Work and a Great Place to Work in 2019.

Prospa helps small businesses across Australia achieve their dreams, by creating an alternate funding pathway when traditional finance is not available. To date we’ve helped over 24,000 unique small business customers across Australia with over $1.5 billion in small business loans.

Prospa has established itself as a clear #1 online lender to small business in Australia and current growth trajectories see the business continuing to invest in its rapidly growing team, currently over 200 strong. This represents a unique opportunity to join one of Australia's most exciting and fastest-growing Fintech businesses with an awesome culture and plenty of further growth.

Prospa is extremely passionate about its people. Their diversity, skills, and passion are the foundation of what we deliver to our customers. Our people, in turn, are driven by our values.


The role

Security at Prospa is about working towards a robust and effective security function to protect Prospa and its customers, as well as enable the business to grow. With strong dedication from the leadership team and executives, we have support to do security the way it should be done and not to just tick a compliance box.

Reporting to the Chief Technology Officer, you will lead and have overarching responsibility for the success of the security function at Prospa, which includes the ISO27001 compliant Information Security Management System (ISMS) and the cybersecurity roadmap. You will be someone who takes ownership of their work, shows initiative through effective problem-solving skills and has the ability to clearly communicate ideas or recommendations to a variety of people with varying technical knowledge.


Key responsibilities include

  • Own and maintain the ISO27001 certified Information Security Management System (ISMS) including the relevant risk registers, policies, frameworks and operational requirements.
  • Manage and monitor the cybersecurity budget, working closely with procurement on spend.
  • Develop and champion a security-aware culture across the organisation.
  • Leading the cybersecurity team to meet the needs of the organisation as we grow and expand, and as our products and technology become increasingly complex.
  • Report regularly to the board, risk committee and management team on security progress.
  • Partner with business stakeholders and management from all teams across Prospa as a subject matter expert on security issues, priorities and opportunities.
  • Develop and drive large programs of work such as technical infrastructure changes or rolling out required security controls to the organisation.
  • Own and run security operations activities including but not limited to user access reviews, vulnerability assessments, incident response, monitoring and security configuration.
  • Work closely with wider Product and Engineering teams to recommend security architecture as well as minimum security requirements in new and existing products or software.
  • Continually review and improve the security function by identifying possible improvements, developing skills, identifying new techniques and developing automation to mitigate risks.


What you'll need to succeed

  • Minimum 5-8 years of relevant experience in security.
  • Experience with ISO27001 audits and Information Security Management Systems (ISMS).
  • Experience with common information security management frameworks, standards, principles and processes (OWASP, CIS, SANS, ISO, NIST etc).
  • Substantial technical skills including networking, software engineering, systems engineering, penetration testing and security monitoring.
  • Experience with security technologies including SIEM, NGAV and CASB.
  • Experience in a cloud infrastructure environment – AWS or Azure, preferably with PaaS and Windows Operating Systems.
  • Proven experience with security incident response practice and processes.
  • Experience in working with developers to advise on security controls and requirements.


Desirable and highly regarded

  • Relevant security certifications (CISSP, CISM, ISO27001 LA etc)
  • Experience with Payments Card Industry Data Security Standard (PCIDSS)
  • Experience with third-party security programs and security awareness programs
  • Exposure to threat intelligence capabilities and activities
  • Experience in development, systems administration and/or IT operations
  • Experience in highly automated DevOps environments and familiarity with toolsets including Git, ARM, Kubernetes, Docker etc


About you

  • Passionate about cybersecurity and be proactive and self-motivated.
  • Natural instinct to take ownership of processes and documentation.
  • Balances long term thinking with short term outcomes.
  • Confident communicator and be open to constructive feedback.
  • Be a self-starter with the flexibility to work independently and within a team.
  • Good planning, time management and multi-tasking skills.


Come and Join Our Team

If you can see yourself at Prospa and feel you can contribute to the ongoing success of our company, please hit ‘apply’.

We embrace diversity in our people and our thinking and provide a collaborative, inclusive, innovative and respectful environment. We celebrate who you are, recognise & reward great achievements, and actively provide our people the same great experience we provide our customers.

We are committed to being an equal opportunities employer and we never discriminate on the basis of race, religion, gender identity or expression, sexual orientation, age, marital or disability status.

With the greatest respect CVs will not be accepted from recruitment agencies at this time.