Risk Compliance Officer

Sandstone Technology is a leading provider of loan origination, internet banking and mobile banking solutions to financial institutions globally. Headquartered in Sydney, New South Wales and with offices in Manila in the Philippines and Leeds in the UK, Sandstone is delivering world's best practice strategic banking solutions to financial institutions globally. Our business is built around our people and our shared vision of continuous innovation, building market leading products, and partnering with our valued customers to transform banking experiences.

The Role

This is a global role working closely with customers, suppliers and internal stakeholders to drive security and compliance programs within Sandstone. The Risk & Compliance Officer will have responsibility for security policies and ensuring compliance with these policies, including driving an awareness program and culture within Sandstone. The role will also be responsible for the periodic training for relevant colleagues in Australia, Philippines and UK and the completion of compliance questionnaires.

The role will have significant autonomy and the successful candidate will be a key member in security discussions with Sandstone customers and suppliers.

Key Responsibilities

• Ownership of ISO compliance process.
• Maintain knowledge on relevant legislation and regulation (particularly as it relates to Australia and UK data protection, cyber security) and promulgate that knowledge within the organisation
• Drive, maintain and enhance Sandstone's risk and compliance framework
• Manage & coordinate to customer audit requests & RFP security questionnaires, provide required evidence and attestations, and provide client assurance packs
• ISMS responsibilities, including updating and monitoring risk assessments, collating and reporting on metrics and conducting regular analysis of effectiveness of ISMS, escalating, following up and flagging non-compliance, managing ISMS incidents and mitigation plans and reviewing effectiveness of compliance and security training.
• Review, update and manage ISMS policies and procedures
• Supplier management, including undertaking periodic supplier assessments and managing supplier compliance in relation to SST policies
• Organise / conduct annual internal audits and facilitate annual ISO Audits
• Internal stakeholder management and influence in relation to Risk and Compliance priorities.

About you:

• Minimum of 5+ years in a similar role
• Experience with security governance, policies, principles, practices, standards and controls including ISO27001
• Working knowledge of privacy legislation including GDPR, Australian Privacy Act, Australian Privacy Principles
• Able to demonstrate the capability to manage Information security challenges at an enterprise level
• Identify and resolve security risks using analytical and problem-solving skills
• Proven ability to be highly organised and responsive
• Strong communication and negotiation/influencing skills
• Financial Services and/ or software house experience is preferable
• Develop, manage and implement of SOC 2 & SOCI compliance framework initiatives.
• Knowledge and experience in Data Security Management or PCI certification will be highly regarded.

Why Sandstone?

• Career development planning and opportunities to achieve certifications such as SAFe, AWS
• Access to learning & development resources as well as a personal budget and allocated time off for additional training of your choice
• Flexibility and work/life balance
• Opportunities to work with the latest technologies such as cloud, AI/ML (depending on your interests)
• Fantastic team culture and social activities, weekly volleyball throughout the year (when possible)
• Fully stocked fridge and snack cupboards

A bit about us

Before "fintech" was a thing, our founders were dreaming up new ways to transform banking, simplifying the customer journey and the employee experience.

29 years later Sandstone Technology is still leading the charge, innovating and evolving as the industry evolves. Our high client retention rate is our proudest achievement with 33 financial institutions across Australia, New Zealand, Asia and the United Kingdom placing their trust in our solutions.

If you like the sound of this challenge and are interested in working with us, apply now with your up to date resume