GRC Analyst (APAC) - Remote

Employment Hero

IT

Sydney, NSW, Australia

Posted on Jun 18, 2026

Who we are

Employment Hero is on a mission to make employment easier and more valuable for everyone. Our Employment Operating System brings hiring, HR, payroll and benefits into an all-in-one solution.

Since our inception in 2014, we’ve scaled to a $2 billion valuation and gained a presence in 6 countries globally - Australia, New Zealand, Singapore, Malaysia, the UK and Canada. We now service over 300,000 businesses and more than 2 million employees.

The EH Way

At Employment Hero, we’re proud of our unique DNA, which we call The EH Way.

  1. We are Mission First - everything we do (from what we work on, to how we allocate capital and where we focus) is driven by our Mission
  2. We are Remote First - we champion a remote environment with a preference for asynchronous communication and a high degree of autonomy
  3. We are AI First - we are committed to using AI to accelerate our mission; AI is not just a tool, it’s a fundamental part of how we operate, innovate, and scale
  4. We Live by Our Values - we role model our values 100% of the time
  5. We Expect High Performance - we set a high standard and we’re not satisfied with being average

This role

We are looking for a Security GRC Analyst to join Employment Hero's Information Security team. This is a hands-on role working closely with our Security GRC Specialist (Audit) to keep our audit programs running smoothly across a broad portfolio of certifications.

You will have real ownership from day one: managing our compliance tooling, supporting audit cycles, and contributing to risk and vendor processes. You will have a solid foundation to build on, with room to grow into deeper audit and GRC work over time. If you are detail-oriented, reliable in following through, and want to build serious compliance expertise in a fast-paced environment, this role is for you.

As a GRC Analyst, you will be involved in:

Audit & Compliance Operations

  • Own the day-to-day maintenance of Vanta: keep controls current, collect evidence from stakeholders, and manage control statuses across our certification portfolio.
  • Support audit preparation across our ISO and SOC 2 programs: prepare documentation, track auditor requests, and keep audit cycles on schedule.
  • Coordinate evidence collection and follow-ups with internal teams so that nothing is missed.
  • Maintain and report on compliance posture (control health, overdue evidence, vendor review status) to the security team.

Risk & Vendor Support

  • Assist with risk assessments: document, track, and follow up on identified risks in our GRC tooling.
  • Support third-party and vendor risk processes: coordinate vendor questionnaires, track review status, and maintain vendor registers.

Policy & BAU

  • Help maintain and review information security policies: flag outdated content, track review cycles, and support updates where needed.
  • Assist with broader GRC BAU tasks as the team's needs evolve.

Who you are

To thrive at Employment Hero, you’ll need to embody The EH Way - operating with focus, agility, and an obsession with impact. For this role, you’ll also bring:

  • A relevant degree or certification (e.g. CompTIA Security+, ISO 27001, ISO 27701, ISO 42001 Lead Auditor, Certified in Cybersecurity)
  • 2 - 4 years in a GRC, compliance, or audit role (analyst, coordinator, or similar).
  • Experience working in a tech, SaaS, or scale-up environment.
  • Familiarity with Vanta or similar compliance automation tools (e.g. Drata, Tugboat Logic) is a strong plus.
  • A working understanding of frameworks like ISO 27001 or SOC 2. You do not need to be an expert, but you should know the basics.
  • Exposure to privacy or AI governance frameworks such as ISO 27701, 27018, or 42001.
  • Strong attention to detail and reliable follow-through. Organised and self-directed, able to manage multiple workstreams at once.
  • Clear communicator who is comfortable chasing stakeholders, asking questions, and keeping people accountable in a friendly but persistent way.
  • Eager to learn and open to feedback, with a genuine drive to grow in information security. The technical depth can be built; the mindset needs to be there.
  • A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively.

What we can offer

At Employment Hero, we don’t just talk about a better way to work - we live it. Joining Employment Hero means:

  • You will work remotely, with the flexibility to own your time and impact
  • You will access cutting-edge tools to amplify your work, knowledge and outputs
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
  • You’ll also have access to a wide range of benefits, including a very generous parental leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities

At Employment Hero, we are committed to safeguarding the privacy of your application data. To understand how we do so, you can read our Applicant Privacy Policy at employmenthero.com/legals/applicant-policy/

Employment Hero celebrates diverse perspectives and experiences, and we invite people of all backgrounds and identities to apply for this position.