Information Security Officer

Hybrid/Remote or in-office in Melbourne, Australia

Atticus is hiring an Information Security Officer to support our information security and internal IT operations. You'll work closely with and report to the Information Security Manager, contributing across compliance, the information security management system, and technical security projects.

About us

Atticus is a Melbourne-based scale-up founded in 2017, which offers the leading technology in document fact-checking. We are on a mission to ensure every critical document is accurate and defensible. Our software helps our customers (law firms, listed companies, and funds) fact-check critical documents before they are disclosed to market. Our users love Atticus because we save them a lot of pain in high stakes, high stakes work.

Much of that trust comes from how we manage security and reliability behind the scenes. As we work with regulated customers in sensitive industries, they expect a high standard when it comes to data protection, risk management, and technical governance. This role plays a part in helping us meet those expectations by supporting the day-to-day operations that keep our internal systems secure and our external posture strong.

About the role

As a member of the product team, you'll be a critical link between our customers and the product.

Our Information Security Officer works closely with the Information Security Manager to keep our security program running smoothly. The role covers a combination of internal IT management including device and access administration, assisting with compliance activities such as audits, and helping respond to customer security assessments. You'll work across multiple areas of our security program, often navigating ambiguous or unfamiliar problems, and will need to take initiative, follow through reliably, and pay attention to details. There will also be opportunities to contribute to technical security projects, whether that's assessing application security controls, reviewing cloud security settings, or refining internal tooling and processes to make our work more efficient.

You'll be working across a range of responsibilities that support the smooth running of our security and IT operations:

• Organisational security and compliance:
  supporting and improving the ongoing operation of our information security management system, including work related to ISO 27001 and SOC 2. This includes collecting evidence for audits, assisting with vendor management, risk reviews, and training logistics, and maintaining internal documentation to support these activities.
• Internal IT operations:
  administering IT systems including access provisioning and deprovisioning, device management, and user support. You'll also work with areas such as identity and access management, endpoint protection, privileged access management (PAM), identity providers (IdPs), and data loss prevention (DLP) as we continue to improve how we manage devices, users, and data.
• Customer security assessments:
  drafting and maintaining responses to customer security questionnaires and due diligence requests.
• Process improvement and automation:
  spearheading projects that make our procedures more efficient and our processes more automated across both our information security management system and technical security controls, with the goal of reducing manual effort and improving our overall security posture.
• Technical security work:
  where you have the skills and interest, contributing to technical tasks such as reviewing cloud and application configurations, investigating security issues, or applying your background in areas like penetration testing, incident response, or digital forensics to improve controls and surface risks.
• Ongoing development:
  continuously upskilling through structured training or self-directed study, regardless of your level of experience.

About you

You are an information security professional with a strong sense of ownership, motivated to grow, and comfortable working independently. You have a genuine passion for information technology and cybersecurity, and you're driven to deepen your expertise over time. You are either early in your cybersecurity career, currently working in IT and seeking a transition into security or already working in another area of cybersecurity such as penetration testing, incident response, or digital forensics and looking to shift into risk, governance, and compliance while still applying your technical skills.

If you're transitioning from a role in penetration testing, incident response, or digital forensics and looking to move into governance, risk, and compliance (GRC), your experience is highly regarded and will be actively used in the role. You want to join a company that cares about doing things properly, values thoughtful and reliable work, and is full of genuinely friendly and supportive people.

You bring a set of qualities that make you effective in an environment where problems aren't always clearly defined, and doing things properly matters:

• Creative and flexible
  : we're a small team doing things that nobody has done before, so you'll want to be excited about tackling unknown problems and pitching in to help even when you don't quite feel like you know exactly what you're doing.
• Natural communicator
  : communication is a first-class skill, particularly in a remote world, so we take this seriously. More than just good spelling and grammar, you're great at building relationships and getting things done with others, whether it's through Slack, Zoom or in person.
• Measure twice, cut once:
  we believe that long term, true velocity and agility comes from putting in enough planning that you can move fast without breaking things. "Slow is smooth, and smooth is fast."
• Bias toward action:
  generally, when in doubt, you give something a try and see if it works. Yes, doing the right thing is best, but doing the wrong thing is generally better than doing nothing at all.
• Outcome-focussed:
  you don't confuse a great slide deck for genuine user outcomes. You're able to separate the process from the outcome, and if you're blocked on the process you were expecting to take, you try other ways of getting that outcome.

You also bring a foundation of relevant knowledge and skills that help you contribute meaningfully across both IT and security:

• Information security management system:
  familiarity with ISO 27001, SOC 2, or similar frameworks, and an understanding of how organisations implement and manage security controls.
• Cloud, network, and application fundamentals:
  foundational or practical understanding of how networks operate, how cloud environments are configured, and how web applications function, including how these systems are designed and secured. Hands-on experience in any of these areas is a bonus.
• IT systems and device management:
  experience with common operating systems like macOS, and familiarity with managing user access, devices, and identity-related tooling. Exposure to areas such as mobile device management (MDM), identity providers (IdPs), privileged access management (PAM), or data loss prevention (DLP) is a plus.
• Technical writing and communication:
  able to produce clear, structured documentation and adapt your communication style depending on the audience.
• Qualifications and certifications:
  A university degree in IT or cybersecurity, or a certification such as CompTIA Security+, is valued but not essential. Certifications from industry-recognised bodies like GIAC, specifically GSEC and GCIH, are highly regarded.
• Bonus experience:
  prior work in areas such as penetration testing, incident response, or digital forensics is highly regarded and can be valuable in supporting broader security and risk initiatives.

Benefits

• Competitive comp ($90-120k dependent on ability and experience)
• 100% remote/hybrid friendly within Melbourne (come to the office, work from home, or a bit of both. It's up to you)
• Flexible work hours (we care about outcomes)
• New MacBook and $2,000 home office setup budget
• Five weeks leave each year (and never work on your birthday)
• 16 weeks paid parental leave
• Dog-friendly office in Collingwood, Melbourne
• Generous professional development program

Interested?If this sounds to you like we're a great match, please apply below. You can also read more about us on our careers page.