InfoSec Governance Risk and Compliance Lead
UpGuard
InfoSec Governance Risk and Compliance Lead managing cybersecurity compliance programs at UpGuard. Spearheading information security initiatives and cross-functional risk management for a rapidly expanding tech company.
Tech Stack
Tools & technologies: Cloud, Cyber Security, Swift
About the role
Key responsibilities & impact
- Drive the development, maturity, and execution of UpGuard’s InfoSec Governance, Risk, and Compliance function, with primary ownership over technology and cybersecurity risk.
- Partner closely with procurement, legal, and business stakeholders to embed security reviews into the purchasing lifecycle. Lead Third-Party Risk Management (TPRM) evaluations for new and existing vendors.
- Review security exhibits, Data Processing Agreements, and security questionnaires during procurement negotiations to safeguard UpGuard and its customers.
- Partner with the CISO to contribute expert analysis on broader enterprise and operational risk matters, ensuring a unified approach to risk management.
- Architect and run the technology and security components of the Risk Management process. You will maintain, continually improve, and deliver executive-ready reporting on trends, vulnerabilities, and strategic insights.
- Formally own the technology and security control components of UpGuard’s annual SOC 2 Type II audit cycle. Design, manage, and coordinate remediations and improvements stemming from prior cycles, incident post-mortems, and internal assessments.
- Work cross-functionally with the Product team to develop public-facing trust documentation, while identifying security control gaps and improvement opportunities within the Product Development Life Cycle (PDLC).
- Draft, implement, and maintain a robust framework of InfoSec policies, standards, processes, and guidelines tailored to an evolving threat landscape.
- Design and implement comprehensive, company-wide security awareness and compliance training programs utilizing the MindTickle platform.
Requirements
What you’ll need
- 4+ years of dedicated experience in Information Security, IT Audit, or GRC within a technical, cloud-based landscape.
- Deep familiarity and hands-on experience with modern technology risk management frameworks, GRC platforms, and Third-Party Risk Management (TPRM) tools.
- Experience partnering with procurement, legal, and privacy teams across diverse geographic areas (e.g., GDPR/CCPA, anti-corruption) to review vendor contracts, technical agreements, and security exhibits.
- A clear, collaborative communicator capable of translating complex technical risks into clear business impacts for stakeholders, customers, and vendors.
- The ability to work independently, take swift initiative, and manage the fine details while never losing sight of long-term strategic goals.
- A skillful issue-spotter and adaptive learner who can confidently navigate ambiguity and evaluate legal/business risk trade-offs.
- High ethical standards, meticulous attention to detail, a team-first attitude, and a dual passion for teaching and learning.
Benefits
Comp & perks
- Monthly Lifestyle subsidy: Use this for financial, physical, and mental well-being
- WFH set-up allowance: To ensure you have the right environment to work in, we will help you get set up within your first 3 months at UpGuard
- $1500 USD annual Learning & Development allowance: To support your career development, all team members will be able to expense development opportunities against this allowance
- Annual leave: PTO plus two additional UpGuardian leave days to give you time to recharge your batteries.
- 18 weeks paid Parental Leave: Irrespective of parenting role
- Personal Leave Allowance: This includes sick & carer’s leave
- Fully remote working environment: While we have physical offices in Sydney & Hobart, we do not mandate compulsory attendance
- Top-spec hardware: All team members will be provided with top-spec laptops for their role
- Generative AI subsidy: UpGuard provides paid subscriptions for all team members to access generative AI tools to support their work
ATS Keywords
Hard Skills & Tools
- Information Security
- IT Audit
- Governance, Risk, and Compliance (GRC)
- Third-Party Risk Management (TPRM)
- SOC 2 Type II audit
- Data Processing Agreements
- security policies
- security awareness training
- risk management frameworks
- Product Development Life Cycle (PDLC)
Soft Skills
- collaborative communicator
- independent worker
- initiative
- attention to detail
- issue-spotting
- adaptive learner
- navigating ambiguity
- strategic thinking
- teaching
- learning