ABOUT ORDE FINANCIAL
ORDE is a nonbank lender of 200+ employees built exclusively for brokers, combining human and credit expertise with innovative technology to help brokers build stronger futures for their clients. We reflect the reality of today’s borrowers, from SMEs with complex needs to near-prime clients seeking clearer paths forward.
Since 2020, ORDE has funded more than $10b in loans and supported over 16,000 borrowers – all through brokers. We offer Residential, Commercial, SMSF and Construction loans and other specialised solutions, with fast decisions, deep credit insight and a streamlined digital experience.
We are passionate (and a bit obsessed…) about being disruptive and pushing hard to improve the experience and results for mortgage brokers. Our purpose “Built for Brokers” is clear and simple and define our entire strategy (delivering better experiences, more value and opportunity, anticipating more needs and communicating more solutions, for brokers and their customers).
ABOUT THE ORDE INCOME FUND
ORDE recently introduced the ORDE Income Fund (the Fund), a registered retail managed investment scheme investing in Australian mortgage assets. It is unlisted, open-ended and currently offers a 12-month pooled mortgage investment product.
The Fund is intended to become a key pillar of ORDE and the leading public expression of ORDE as both a non-bank lender and Australia’s highest quality asset manager within its asset class.
The Fund has exceeded $100m in funds under management and is scaling though early-stage capital raising, with a full retail launch pending.
ABOUT THE ROLE
We’re seeking a Security Engineer to act as a key in-house security SME within a blended IT and Security Operations team. This is a mid-level, hands-on role focused on improving day-to-day security operations,
while working closely with Technology Operations so that smaller, repeatable and well-defined security activities can be shared across the broader
operations team. You will support incident response, security and compliance obligations, security partners, and practical controls across identity, endpoint, Microsoft 365, SaaS platforms, integrations and other cloud-based business systems, helping embed security into how the technology team operates every day.
Your key responsibilities will
include:
- Act as a key in-house security SME within the Security and IT team, providing practical guidance on security operations, compliance obligations, technology change and control design.
- Lead the triage, coordination and improvement of security incidents, working with internal teams and external security partners where appropriate.
- Help prioritise security uplift by assessing threats, control gaps, regulatory expectations, business impact and operational effort.
- Improve and assure core security controls across areas such as identity, endpoint, Microsoft 365, SaaS platforms, integrations, cloud-based business systems, vulnerability management and user security.
- Support information protection and data security controls, including the secure handling of company, broker and customer information.
- Support identity and access management controls, including privileged access, access reviews, joiner/mover/leaver processes and MFA-related controls.
- Provide pragmatic security input into technology change, projects and vendor implementations so risks are identified early and controls are workable.
- Work with the broader Security and IT team to embed security into service management, access management, endpoint management, change processes, documentation and day-to-day operations.
- Maintain practical standards, procedures, playbooks and runbooks so repeatable security activities can be shared safely and consistently across the team.
- Support vulnerability management, internal assessments, audits, third-party risk reviews, evidence collection and remediation tracking.
- Contribute to security awareness activities, including training and phishing simulations.
- Maintain clear security reporting across incidents, control health, vulnerabilities, compliance activity, awareness and uplift progress.
- Operate with appropriate autonomy, taking ownership of agreed security work while escalating material risks, decisions and priorities through the Head of Security and IT.
Why would we choose you?
- 3–5 years’ experience in operational cyber security, security engineering, security
operations or a similar hands-on security role.
- Strong practical capability across incident response, vulnerability management,
identity, endpoint, Microsoft 365, SaaS, integrations and cloud-based business
system security controls.
- Able to operate as a trusted mid-level security SME in a blended Security and IT team,
providing guidance without becoming a bottleneck for all security activity.
- Good judgement in prioritising risk, making practical decisions and communicating
clearly with technical and non-technical stakeholders.
- Experience working with MDR, SOC, security monitoring or incident response partners, including managing escalations, challenging findings where appropriate and turning partner outputs into practical actions.
- Comfortable turning security and compliance obligations into workable controls, procedures,
evidence, reporting and operational routines.
- Experience working in, or supporting, regulated environments where security controls,
audit evidence, risk management and operational discipline matter.
- Familiarity with security frameworks and standards such as the ACSC Essential Eight, ISO
27001, NIST CSF or similar.
- Strong documentation, prioritisation and ownership, with a bias toward practical
improvement over theoretical security.
- Security certifications are beneficial but not essential; proven judgement, ownership
and delivery matter most.
Why would you choose us?
- We are a fast-growing successful company.
- We think it’s exciting to be part of a team which is building something which will make
a difference.
- We are focused, disruptive, think outside of the box and will encourage you to try new
things.
- We really care about our people and want them to have the best experience of their
career.
- We guarantee fun, a challenge, learning and growth!
- We embrace being challenged through diversity of thoughts.
- We have a highly collaborative culture and provide an inclusive, enjoyable office
experience for all staff.
- We are Melbourne based and think being in the office all together is important and we
think working from home is too: three days in the office (Mon-Tues-Thurs), two
days at home.
- We remunerate well and reward high performance.