GRC Security Specialist

About Airwallex

Airwallex is the only unified payments and financial platform for global businesses. Powered by our unique combination of proprietary infrastructure and software, we empower over 200,000 businesses worldwide – including Brex, Rippling, Navan, Qantas, SHEIN and many more – with fully integrated solutions to manage everything from business accounts, payments, spend management and treasury, to embedded finance at a global scale.

Proudly founded in Melbourne, we have a team of over 2,000 of the brightest and most innovative people in tech across 26 offices around the globe. Valued at US$8 billion and backed by world-leading investors including T. Rowe Price, Visa, Mastercard, Robinhood Ventures, Sequoia, Salesforce Ventures, DST Global, and Lone Pine Capital, Airwallex is leading the charge in building the global payments and financial platform of the future. If you’re ready to do the most ambitious work of your career, join us.

Attributes We Value

We hire successful builders with founder-like energy who want real impact, accelerated learning, and true ownership. You bring strong role-related expertise and sharp thinking, and you’re motivated by our mission and operating principles. You move fast with good judgment, dig deep with curiosity, and make decisions from first principles, balancing speed and rigor.

You're humble and collaborative; turn zero‑to‑one ideas into real products, and you “get stuff done” end-to-end. You use AI to work smarter and solve problems faster. Here, you’ll tackle complex, high‑visibility problems with exceptional teammates and grow your career as we build the future of global banking. If that sounds like you, let’s build what’s next.

As a GRC Security Specialist here at Airwallex, you will be a trusted member of the Information Security team. Reporting to the InfoSec GRC Manager, this role will see you becoming a critical part of Airwallex’s global mission, helping to proactively identify and mitigate information security risks to the organisation, as well as designing and implementing policies and procedures that are innovative, challenging the traditional norms of the industry.

You’ll work closely with Legal, Engineering, and senior leadership regarding international regulatory compliance, data privacy and other aspects of risk and data governance.

The InfoSec GRC and Engineering teams work closely together and often collaborate directly, so engineering experience of any kind will serve you well, and this role would be best suited for someone with a software development or IT background, who has moved into the world of information security compliance.

This is a dynamic and autonomous role. It requires independent thinking, with experience in project management and robust design, but without being tied up in traditional solutions and methodologies. An ideal candidate will see compliance as a challenge to iterate on, rather than a box to be checked.

This role requires a professional or native level of Portuguese language skills and this will be tested in the interview process.

What You'll Be Doing

• Manage the body of security controls and documentation, executing them to a high standard while refining and iterating.
• Implement automation and monitoring information security controls, exceptions, risks, and testing.
• Implement an innovative security risk program that aligns to regulatory requirements, ensuring documented and sustainable risk management.
• Develop and maintain security standards and policies, reporting metrics, dashboards, and evidence artefacts to support both internal and external stakeholders.
• Develop resources to help non-technical employees understand information security and compliance requirements.
• Partner with other Airwallex teams to build collaboration, and establish shared responsibilities and resources for security, data protection and governance, risk management, and privacy.

What You'll Bring

• Deep knowledge of relevant compliance, regulatory and control frameworks including PCI-DSS, ISO 27001, SOC2 and similar standards. You should have been involved in at least one completed security audit, and be intimately familiar with their flow.
• Working knowledge of technology policy creation and maintenance, especially in the context of security. Some experience with tuning policies to meet complex regulatory requirements.
• A strong familiarity with Information Security concepts, practices, and solutions; you might have a technical background yourself, or just have spent a lot of time working closely with engineering teams. Regardless, tech doesn’t scare you and you can speak the language fluently.
• A working understanding of complex cloud environments and the way they impact modern security and compliance operations.
• An understanding of financial services or payments, especially prior work experience with the fintech industry.
• A passion for solving the complex challenges of high-growth startups, and for thinking creatively about ‘solved’ problems.
• An industry-leading security degree or certification is highly desired. Examples include a BS or MS in Cybersecurity; or a CISSP, CEH, CISA, etc.
• A Professional or native level of Portuguese language skills.

Key skills/competency

• Information Security
• Risk Management
• Regulatory Compliance
• Data Privacy
• PCI-DSS
• ISO 27001
• SOC2
• Cloud Security
• FinTech Industry
• Project Management