Lead, Information Security
At Open, we exist because we believe that insurance does not have to be seen as
complicated or costly. We’re an AI-powered platform transforming insurance globally –
making it more transparent, cost-effective, and customer friendly. Since launching in 2016,
we’ve grown into a certified B Corporation, operating across ANZ and the UK, and building
modern infrastructure that brings wonder into insurance.
Security is a commercial and operational enabler for us: it underpins the trust our partners
and customers place in Open, and we’re building the function to match that ambition. This is
a rare opportunity to shape what good security looks like at a scaling AI company: owning
the governance framework across two jurisdictions, unblocking commercial partnerships,
and building the security foundation that supports Open’s growth from an ANZ-rooted
business into an established player in the UK and EU markets.
What you’ll do
You’ll be the most senior security practitioner in the business: the person who defines what
good looks like and earns the trust of engineers, executives and partners along the way.
Open is at an inflection point: a proven platform in ANZ now scaling into the UK and EU,
where the regulatory bar is higher, partner scrutiny is deeper, and security needs to grow
with it. Reporting through the Founder’s Office to the co-founders and working closely with
the Executive Team, you’ll be a peer to Technology, Data and Partnerships. You will set
security standards, drive governance, enable partners, and move SecOps capability
forward in an AI-native era. You define policies and procedures and lead the security
interface with our partners, and you work closely with Technology and Data to implement
the associated controls.
The role requires strong technical depth to be credible with engineers, alongside a grounding
in Open’s commercial realities as a partner-led, technology- and AI-enabled scale-up. This is
critical to being effective with partners and senior stakeholders, and to calibrating Open’s
InfoSec capability in line with risk appetite and partner expectations.
Governance & Risk
- Maintain and evolve Open’s information security policy framework across ANZ and
UK regulatory and assurance requirements (including Australian financial services
regulations, SOC 2 Type II, and UK GDPR) – working closely with the regional
compliance managers for each geography. Policy direction and sign-off is owned by the
co-CEOs.
- Support Open in maintaining and maturing the security risk register – owning
operational reporting and translating security risk into business language for senior
leadership team reporting.
- Drive the operational programme behind our SOC 2 Type II attestation, maintaining
audit readiness and compliance as the business scales.
- Own the vendor assessment programme: requesting, reviewing, and managing
assessments using our GRC tooling and established AU/UK templates, escalating
exceptions to the Founder’s Office and Executive Team as needed.
- Own Open’s data classification and DLP policy framework: defining standards for
sensitive data handling across AU and UK operations, with Technology owning
tooling enforcement.
- Own Open’s AI governance framework for an environment where everyone is a
builder: training data classification, customer-facing AI risk (prompt injection,
jailbreaks, content safety), and secure use of GenAI tooling and AI coding assistants.
- Build on existing security awareness initiatives: extending phishing campaigns and
team training to include a developer security programme, with a particular focus on
secure use of GenAI across engineering, data, and the wider business.
- Maintain the sub-processor register and change-notification process in line with
DPA commitments – co-owned with the regional compliance managers.
Partner & Customer Security
- Own the end-to-end partner and carrier security assessment process: responding to
SIG (Standardized Information Gathering), VSA (Vendor Security Alliance), and bespoke
due diligence requests across AU and UK, and reducing the commercial friction that
assessment delays create.
- Build and maintain a response library and evidence packs in our GRC platform –
enabling faster, consistent turnaround across AU and UK partner requests.
- Work closely with commercial and partnerships teams to anticipate security
requirements early in partner onboarding – getting ahead of requests rather than
reacting to them.
- Own the security input to Data Processing Agreements with partners, carriers, and
customers. This includes defining and maintaining Open’s Technical and
Organisational Measures, supporting sub-processor disclosures, and contributing the
security view to Transfer Risk Assessments under UK GDPR. Work alongside Legal
and the regional compliance managers, who own contract negotiation and broader
privacy compliance respectively.
Security Standards & Architecture
- Maintain and evolve security standards and architecture principles across the
technology estate in partnership with the Head of TechOps – raising the bar and
ensuring the TechOps, data, and engineering squads implement to those standards.
- Lead threat modelling and security design reviews for new products, features, and
architectural changes, in collaboration with engineering, data and DevOps.
- Establish governance over cloud security posture findings: defining triage processes
(prioritising by exposure and exploitability rather than raw severity), remediation
SLAs, and escalation criteria across our CSPM (Cloud Security Posture Management)
and observability tooling.
- Maintain the AppSec programme: penetration testing cadence, vulnerability
disclosure support, and remediation SLAs; with TechOps owning tooling execution.
Vulnerability disclosure is managed at C-level; this role supports and feeds into that
process.
- Define network security standards and zero trust principles across Open’s technology
estate, in collaboration with the Head of TechOps.
- Contribute to secure coding standards, with specific focus on GenAI-assisted
development practices and the secure use of AI coding tools across engineering,
data, and the wider business.
Security Operations
- Evaluate and recommend an external SOC provider: assess options, define scope,
SLAs, and escalation paths, and present a recommendation to the Founder’s Office
and Executive Team for decision.
- Own the ongoing SOC relationship post-onboarding, continuously reviewing and
improving monitoring, detection, and response quality.
- Serve as the operational lead for incident response – coordinating internally and
managing the response process, with escalation to the Founder’s Office and
Executive Team for significant security events requiring executive involvement or
external communication.
- Maintain and test incident response and business continuity playbooks in
collaboration with the Head of TechOps, data and engineering teams.
- Ensure logging, alerting, and detection capabilities across our cloud platforms (e.g.
AWS and Snowflake) are appropriate to the threat landscape.
Leadership & Influence
- Build the security function’s roadmap and communicate it clearly at every level, from
engineers to the senior leadership team.
- Influence how engineering, data, and TechOps teams approach security – through
standards, design reviews, and ongoing collaboration rather than direct authority.
- Foster a culture of psychological safety, candour, and continuous improvement
across the teams you work with.
Who this role isn’t for
This is a broad, commercially-oriented security role in a lean, high-trust environment. It
rewards people who are energised by ownership and ambiguity – not those looking for a
defined lane or a large team to lead.
Specifically, it’s probably not the right fit if:
- You’re coming from a large enterprise security function and are looking for a similar
structure, support team, or delegation model: this role is hands-on by design.
- Your background is primarily audit, compliance, or governance and you haven’t
worked closely with engineering or DevOps teams: technical credibility with builders
is essential here.
- You’re an AppSec or security engineering specialist looking to step up: the majority of
the workload is governance, partner-facing, and commercial, not technical execution.
- You’re motivated primarily by growing a team: the function is intentionally lean, and
that’s unlikely to change significantly in the near term.
- You’re looking for a purely advisory remit: this role owns outcomes, not
recommendations.
What you’ll bring
Required
- Proven experience in a senior security role in a technology or scale-up environment.
- Strong governance and compliance background across ANZ and/or UK regulatory
frameworks, including policy maintenance and security risk reporting.
- AI-forward security mindset – you understand the risk landscape around GenAI,
LLMs, and AI-assisted development, and can build governance frameworks that
enable rather than block.
- Sufficient technical depth to contribute credibly to security standards, lead threat
modelling, and ensure engineering and data teams are working to standard – without
needing to own the tooling.
- Experience evaluating or managing an external SOC: detection scope, incident
response, and escalation.
- Experience owning partner and customer security assessments at a commercial level
– SIG, VSA, and bespoke due diligence.
- Confident communicator from engineer to senior stakeholder – you translate risk into
business language and can uplift security literacy across a leadership team.
- Comfortable operating collaboratively alongside Engineering, Data, and TechOps –
effective without direct authority over those functions.
- Solid understanding of AWS security, DevSecOps practices, and secure SDLC
principles.
- Practical experience contributing to DPAs and TOMs in a B2B context – comfortable
working alongside legal and privacy counterparts on partner contracts.
- Experience operating a sub-processor register and change-notification process in a
B2B SaaS or regulated context.
Preferred
- Relevant certification: CISSP, CISM, CRISC, CCSP, or equivalent.
- Familiarity with Cyber Essentials Plus or equivalent UK security certification
frameworks.
- Experience with cloud security posture management tooling (e.g. Wiz, or equivalent).
- Experience with SIEM or security observability tooling (e.g. Datadog, GuardDuty, or
equivalent).
- Experience operating across multiple geographies (ANZ and UK, or equivalent).
- Exposure to the insurance, fintech, or regulated financial services sector.
- Degree in Computer Science, Information Security, or a related field.
Where you’ll work
This role is based in Sydney, Australia. We work in a hybrid model, with teams in the office
on Mondays, Tuesdays, and Thursdays. We’ve found this rhythm genuinely supports
collaboration and the kind of fast, high-trust culture we’ve built. You’ll have flexibility on the
other days to work in a way that suits you.
Why Open?
Open is on a mission to make it easy for everyone to get the most from their insurance.
Insurance is one of the world’s least digitally mature industries – for years it’s remained
confusing, paper-based and heavily intermediated. We launched in 2016 to build a global,
AI-powered platform that digitises the entire insurance process, making it transparent, less
costly and more reliable.
It’s an exciting time to join Open and be part of a tech scale-up. We provide our team with:
- Highly competitive compensation, including share options – we believe in paying people
what they’re worth and having everyone in our company share in our success.
- High levels of autonomy and trust so you can do your best work.
- Growth opportunities internally – as you grow, your role can too.
- Flexible working – we are about impact, not time at your desk.
- We encourage freedom and responsibility, including the ability to work from anywhere.
- Paid company parental leave, supporting all parents as they balance career and family.
- Bonus leave – additional paid leave designed to support rest and wellbeing once
standard leave has been utilised.
- Personal development allowance – flexible annual benefit to support learning, wellbeing
and personal growth.
More about us
Open is a certified B Corporation using business as a force for good, and we’re proud to be an equal opportunity employer committed to building an inclusive, high-performing team.
We encourage you to apply even if your experience doesn’t match every requirement – we’re looking for people who are curious, courageous, innovative, and motivated by impact.
If you want to help build the future of insurance, we’d love to hear from you.