Senior Security Governance Analyst


We’re a passionate team of brilliant achievers, and together we’re using technology to take the small business finance industry to the next level. Our mission is to keep small businesses moving – with smart cash flow solutions right when they need them. Supporting them through ups and downs. Making their lives easier. Helping them Prosper.

The Role

Security at Prospa is about working towards a robust and effective security function to protect Prospa and its customers and enable the business to grow.

As a Senior Security Governance Analyst, you will focus on ensuring that Prospa’s security governance practices and processes are maintained and operating effectively, including owning and driving our ISO27001 Information Security Management System (ISMS). The role will also be responsible for driving our vendor security program and running the security awareness program.

What you will be doing

  • Owning and maintaining the ISO27001 Information Security Management System (ISMS), including maintenance of policy documents and coordinating audit activities and annual certification.
  • Tracking and maintaining the ISMS risk register, including associated risk treatment plans, identifying and capturing new risks, and ensuring these are tracked appropriately in our GRC (Governance Risk and Compliance) system.
  • Manage Prospa’s vendor cyber risk assessment program to ensure third-party vendors meet our security expectations.
  • Ownership of the cyber security awareness program, including mandatory training programs, phishing simulations, and targeted security training for specialised teams to drive education of staff on security risks.
  • Developing, sourcing, and reporting on key security metrics to senior leadership and the executive.
  • Work closely with the General Counsel and Compliance Manager to assist with enterprise-wide compliance and risk management initiatives.
  • Contribute to various security projects as part of the cyber security roadmap.

What you’ll need to succeed

  • 4+ years relevant experience in security, preferably in a security governance or consulting role with practical experience working on security audits and risk management programs.
  • Experience in working with various stakeholders to advise on security controls and requirements.
  • Good understanding of information security best practice standards and guidelines (e.g. ISO27001, NIST, PCI-DSS, ASD8, OWASP, CIS), Australian Privacy Principles and APRA CPS 234.
  • Strong written and verbal communication skills and the confidence to liaise with senior stakeholders.
  • Relevant security qualifications and professional certifications highly regarded but not required (CISSP, CISA, CRISC, Security+, ISO27001 LA etc.)

Don’t let a confidence gap get in the way of submitting your application. We’d love to hear from you and see if this could be a great match.

What we offer

  • Bonuses and stock options
  • Flexible ways of working (Remote AU work on offer)
  • Winter @ Prospa (think free days off, themed events, swag, massages, coffee carts and a whole lot more)
  • Team and companywide social events
  • Volunteer leave & paid parental leave
  • Career development opportunities & study assistance
  • A chance to be a part of one of Australia’s fastest scaling tech organisations

Why Prospa?

We embrace diversity in our people and our thinking and provide a collaborative, inclusive, innovative and respectful environment. We celebrate who you are and actively provide our employees the same great experience we provide our customers.

It’s super exciting every day. Always moving. Always something new around the corner. And we’ve only just cracked the surface.

Open the door. Feel the buzz. Want in?