Head of Security, Privacy
Posted 13 days ago
Job Description
The Head of Security & Privacy leads EP’s information security strategy and compliance within cloud-native solutions, collaborating with teams to ensure strong security and privacy practices across the organization.
Responsibilities:
- Lead EP’s information security, privacy and AI governance strategy
- Own and maintain the Information Security Management System (ISMS), security policies and risk framework
- Maintain ISO 27001 certification and compliance with frameworks such as ST4S
- Ensure compliance with global privacy regulations including GDPR, the New Zealand Privacy Act and the Australian Privacy Act as EP’s data protection officer
- Oversee security architecture, tooling, vulnerability management and incident response
- Manage EP’s security and privacy risk register, reporting key risks to senior leadership and the board
- Develop and implement AI governance frameworks to support responsible and ethical AI use
- Lead vendor security and privacy assessments, including third-party risk management
- Drive security awareness and training programs across the organisation
- Manage external security audits and certification processes
- Lead business continuity planning, cyber insurance and risk reporting
- Partner with engineering, product and operations teams to embed security and privacy into our ways of working
- Act as a key point of contact for customers, regulators and government stakeholders on security and privacy matters
Requirements:
- Experience leading security and privacy strategy in a cloud-native or SaaS organisation
- Strong leadership skills with the ability to influence senior stakeholders and cross-functional teams
- Deep knowledge of ISO 27001 and related security frameworks
- Relevant certifications such as CISSP, CISM, AIGP or AWS Certified Security - Specialty are highly regarded
- Strong understanding of cloud security architecture (AWS) and modern application security practices
- Experience working with DevOps environments and secure software development practices
- Experience implementing security monitoring, alerting and incident response processes
- Strong knowledge of privacy regulations including GDPR and the New Zealand and Australian Privacy Acts
- Experience with data governance, classification, retention policies and lifecycle management
- Understanding of AI risks and governance frameworks, including issues such as bias, transparency and responsible use
- Experience conducting security risk assessments, audits and compliance programs
Benefits:
- Employee Equity Bonus Plan: Be part of our success with equity bonuses that foster ownership and shared growth across the company
- Christmas Shutdown Leave: Enjoy a full company shutdown during the week of Christmas, with 3 extra days of paid leave to bridge any non-public holidays
- Volunteer Day: All EPeeps receive one paid day per year to volunteer and give back to their communities
- Purchase Extra Leave: Opt-in to buy an extra week of annual leave, with payments spread across the year
- Work From Anywhere: Work up to 90 days per year from a different state or country—perfect for blending work and travel
- Wellness Bonus: Receive a pre-tax $750 NZD End-of-Year Wellness Bonus to support your health and well-being
- Health Insurance: Join our fully funded Southern Cross Wellbeing 1 plan ($500 excess), with optional add-ons and family cover
- Home Set-Up Support: Remote and hybrid workers may be eligible for support to set up a productive and comfortable home workspace
- Communication Allowance: Get $50 NZD/month toward your phone and internet costs if you work remotely or in a hybrid setup
- Parental Leave Support: We support growing families with up to 12 weeks of full-pay top-up for primary caregivers, 3 weeks of paid leave for secondary caregivers, and an extra 5 days of New Parents Leave for both, all available after your first 3 months. Returning primary caregivers also receive enhanced pension contributions to support their financial wellbeing.
- Employee Assistance Program: Access 24/7 confidential support via Sonder for mental health, safety and medical needs - available globally and fully funded by EP
- Learning & Development: Access engaging internal workshops, performance reviews and ongoing development discussions to grow your career
- Tenure Recognition: Celebrate your milestones with bonus leave and cash rewards at 5, 10, and 15 years of service
- Referral Bonus: Recommend great people and earn a $2000 NZD pre-tax bonus when your referral joins and passes their trial period
- Workride: Access a bike, e-bike, or scooter through a temporary pre-tax salary sacrifice, saving 32–63% thanks to tax benefits
- EP Support Groups: Mana Wahine, DEI, Environmental Impact and Wellness Committees
- The opportunity to work within a growing global business with Diversity Works accreditation, Carbon Net Zero BCorp status, Digital Promise certification, and an unwavering commitment to our mission, people, and community