Cyber Security Business Partner (Information Security Manager)

Hi, we’re PEXA!

We know you’ll Google us before applying, so let’s keep this brief. PEXA revolutionised the way that property is settled in Australia, turning a paper-based process into a digital one. Our solution is a world-first, with over 500 people across Australia and an expanding international team, we’re helping 20,000+ families into their homes each week.

We’re passionate about solving problems for our customers – always striving to set the standard for how property is bought and sold. Being awarded as one of the best places to work in Australia is a recognition of our culture and commitment to innovation, customers and our community.

We’re growing fast, that is where you come in.

We believe our success in Australia is worth sharing and that our proven technology will advance how the UK buys and sells homes.

Establishing ourselves within the UK in late 2020, we are committed to collaborating with lawyers, conveyancers, lenders, government and the property industry, to set the new standard for both remortgages and buying and selling property.

Why become a PEXArian?

Great question! Being a PEXArian is so much more than just a job. We’re a passionate, motivated and unashamedly enthusiastic bunch at PEXA – we love what we do and we’re proud to admit it! Creating brilliant experiences for our members and their clients wouldn’t be possible without ensuring we deliver an exceptional employee experience.

Here’s a snapshot of what your life at PEXA could look like:

Your growth:

We encourage you to hit your personal and professional learning and development goals with our tailored programs and tools.

Your wellness:

We care about your holistic wellbeing

Your work/life blend:

We know that work is just one aspect of your life – we want to help you create your ideal work/life blend, rather than squeezing in life around work.

The Information Security Manager / Cyber Security Business Partner (CSBP) plays a vital role in ensuring the alignment of cyber security initiatives with the strategic and operational goals of the organisation.

This role serves as a key interface between business units and the cyber security function, delivering risk-based guidance, promoting a strong security culture, and enabling security innovation.

You will have experience managing customer cyber assurance activities, supporting external audits (e.g., ISO 27001, Cyber Essentials Plus), and maintaining regulatory compliance, particularly with Financial Conduct Authority (FCA) cyber-related controls. Proficiency in cloud security controls and an ability to translate cyber risk into business context are essential.

You will have a technical background in Cyber/InfoSec and are now passionate about aligning with strategic and operational goals. This role does not manage a team.

Key Accountabilities

Cyber Security Partnership & Advisory

• Act as the security point of contact for UK business units, aligning cyber security goals with business priorities
• Provide guidance on secure-by-design principles during project planning, procurement, and solution development
• Build strong relationships across technical and non-technical stakeholders to promote security best practices
• Ensure that the business’ information security posture is continuously improved through proactive security measures, monitoring, and reporting

Customer Cyber Assurance & Regulatory Compliance

• Lead and manage customer cyber security assurance activities, including due diligence and technical assurance engagements
• Support the development and maintenance of materials that evidence the organisation’s cyber maturity and compliance posture
• Liaise with internal audit and risk functions to ensure cyber and information security controls align with FCA expectations and industry standards

External Audit & Certification Support

• Lead preparation and support for external audits, including:
• ISO 27001
• Cyber Essentials and Cyber Essentials Plus
• Customer and regulatory assessments
• Collaborate with compliance, risk, and IT teams to ensure audit readiness and implement improvements

Cloud Security & Technology Risk

• Provide expertise on cloud security controls (e.g. identity and access management, encryption, logging, secure configuration) across AWS and Azure environment
• Ensure secure adoption of cloud-native services in accordance with recognised frameworks (e.g., CIS Benchmarks, NIST, OWASP)

Risk Management & Governance

• Identify and assess cyber risks within business processes and technology environments
• Support risk mitigation planning, tracking, and reporting in line with enterprise risk frameworks

Awareness, Culture & Reporting

• Contribute to business-targeted cyber security awareness and education initiatives
• Promote a culture of shared accountability for security and resilience
• Produce and maintain reporting information as required

Skills & Experience

Required:

• 5+ years’ experience in a cyber security, risk, or assurance role, with strong stakeholder-facing exposure
• Demonstrable experience with:
• Customer cyber assurance activities
• External audit preparation, including ISO 27001, Cyber Essentials Plus
• Proficient in cloud security (AWS, Azure, or GCP), including security control implementation and risk assessment
• Working knowledge of NIST, ISO 27001, FCA Handbook (SYSC), and relevant NCSC guidance
• Excellent verbal and written communication skills, with the ability to engage effectively at all business levels

Desirable:

• Background in financial services or regulated industries
• Experience in third-party/vendor risk assessment and assurance
• Relevant Cyber Security or IT degree level education
• ISO 27001 Lead Implementer / Auditor
• CISSP, CISM, CRISC
• AWS/Azure security certifications

Sounds like you?

We at PEXA are ready so if this role sounds like you apply today.

To be conducted as part of post offer employment checks:

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at [ Cifas ].

GDPR Compliance

Digital Completion UK Limited (trading name “PEXA”), Optima Legal Services Limited (trading name "Optima Legal") and Smoove Limited (a holding company which comprises of the following wholly owned trading Subsidiary companies: United Legal Services Limited, United Home Services Limited, Legal-Eye Limited, and Amity Law Limited) are all owned directly by DigCom UK Holdings Limited, which is a wholly owned Subsidiary of PEXA Group Limited in Australia (ACN 140 677 792; ASX: PXA) (referred to collectively as “PEXA Group”).

When we process your applicant personal data for recruitment purposes, we do so as a controller. If as part of the recruitment process, we share your personal data with another company within the PEXA Group, that company may process your personal data as either an independent controller or, in certain circumstances, a joint controller. By applying for this role, you consent to us processing your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and further information can be found in our privacy notice .

#PEXAUK