Note:
We're happy for this role to be based in Sydney or Melbourne (hybrid, 3 days in office per week).
Who we are
estateXchange is taking the complexity out of deceased estate administration.
Trusted by Australia's leading lawyers and corporates, we provide a secure, scalable platform that transforms the administration of deceased estates and superannuation death benefits.
Founded by Sarah Poole (ex-NAB) and Marielle Yeoh (ex-PEXA), estateXchange is modernising an industry long defined by paper-heavy processes and slow, fragmented systems.
Backed by leading investors including Macquarie Capital, Little Group, OIF Ventures and prominent Australian business leaders, we're building the category-defining platform for Australia's $5.4T intergenerational wealth transfer.
The difference you'll make
Security and compliance aren't afterthoughts here — they are foundational to our credibility and growth.
Our customers are regulated financial institutions. Their trust in our security posture underpins every commercial conversation.
As our GRC Manager, you will own and evolve our Governance, Risk & Compliance programme end-to-end. You'll be the person our enterprise customers speak to about security. You'll ensure we stay ahead of compliance obligations, maintain industry-recognised certifications, and continue building a security culture that scales with us.
This is a genuine ownership role in a scaling, high-impact environment.
What you'll do
Compliance Programme Leadership
* Own and run SOC 2 Type 2 and ISO 27001 audit cycles end-to-end (evidence coordination, auditor liaison, remediation tracking)
* Maintain and evolve our Information Security Management System (ISMS)
* Design, implement and uplift GRC policies and practices
* Drive continuous improvement across compliance maturity
Customer & Vendor Assurance
* Lead responses to enterprise security questionnaires and due diligence processes
* Maintain standard security documentation and policy references
* Act as a key point of contact for customers on security posture
* Manage third-party vendor risk assessments
Enterprise Risk & Governance
* Build and mature our enterprise risk management framework
* Oversee business continuity, disaster recovery and incident response readiness
* Strengthen AI governance controls and security oversight
* Partner with Engineering on secure SDLC practices and infrastructure security
Cross-Functional Collaboration
* Work closely with the Head of Engineering on secure architecture decisions
* Partner with IT Operations on access management, vulnerability management and evidence collection
* Support Sales and Legal across the procurement lifecycle
* Help shape and embed a security-first culture across the organisation
What we're looking for
* 5–10+ years in GRC, ideally within a SaaS / cloud-native environment and/or a large financial institution
* Deep, hands-on experience running SOC 2 and ISO 27001 programmes (not just exposure — ownership)
* Experience using compliance automation platforms (Vanta preferred, Drata or similar)
* Strong experience responding to enterprise security questionnaires (ideally financial services clients)
* Working understanding of AWS environments and SaaS architectures
* Excellent communication skills — comfortable representing our security posture to enterprise stakeholders
* Thrives in ambiguity and enjoys building systems from the ground up
* Mission-driven, pragmatic, and solutions-oriented
Nice to haves
* Experience in regulated industries (financial services, fintech, superannuation, legal tech)
* Experience building or scaling GRC functions in high-growth startups
Why join us?
* Proven Platform: Trusted by major corporates with enterprise-grade security and performance
* Proven Team: Deep expertise in deceased estates and industry digitisation
* Elite Backing: Supported by some of Australia's most influential investors
* Female Founders: Visionary leaders reshaping an entire industry
* Massive Growth Potential: Be part of a category-defining company
* Modern Tech Stack: Django, React, AWS, Celery
* Competitive Package: Attractive salary and growth potential
* Culture That Matters: Collaborative, transparent, mission-led. We move fast, build smart, and celebrate impact
What's next?
We're partnering with estateXchange (an OIF Ventures portfolio company) to appoint this role.
If this sounds like you, apply directly or reach out to Pam Stevenson at for a confidential discussion. We look forward to connecting soon.