
Xero

Team Lead Engineering - Security Governance & Data Protection

Job Summary

The role involves leading security teams focused on Identity Governance and Data Protection, with responsibilities including automating compliance processes, managing Data Loss Prevention controls, and ensuring scalable, efficient access management across cloud platforms like AWS and GCP. The candidate will drive a risk-based, automation-first approach to security governance and compliance, supporting security certifications such as ISO and SOC2. Leadership of the team includes coaching, fostering a culture of security, and collaborating with cross-functional stakeholders to align security initiatives with business goals. The position emphasizes technical expertise, team development, and stakeholder engagement to enhance Xero's security posture.

Required Skills

Team Leadership
Stakeholder Management
Cloud Security
Security Governance
Incident Response
Security Automation
Compliance Automation
Zero Trust
Access Management
Audit & Compliance
Data Protection
Data Loss Prevention
SASE
Coaching & Mentoring
Identity Governance
Provisioning Automation

Job Description

Our Purpose


Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.


At Xero, we’re here to make running a business beautiful. By making small business more efficient every day, connecting them with big business technology and empowering a community behind them, their potential is limitless. When that happens, we’re not only helping small business, we’ll be building a stronger economy that can change the world.


How you'll make an impact


As the Team Lead Engineering - Security Governance & Data Protection, you will be responsible for leading two critical security teams:


The Governance team, which ensures robust Identity Governance, automates compliance processes, and streamlines Continuous Assurance to support Xero’s ISO and SOC2 attestations, and the Data Protection team, which focuses on implementing and managing DLP (Data Loss Prevention) controls as part of Xero’s SASE program and future data security initiatives.


You will drive a risk-based, automation-first approach to security governance and compliance, ensuring efficient access management, streamlined audit processes, and proactive data protection controls. Your role will be pivotal in enabling Xero to scale security operations efficiently, reducing compliance overhead, and ensuring data security as the business grows.



What you'll do
  • Lead and expand Identity Governance capabilities, ensuring scalable and efficient user access reviews, provisioning, and entitlements management across AWS and GCP.
  • Oversee the Identity Management Engine, ensuring it meets business needs while enabling self-service access control for teams.
  • Work with security architects and engineering teams to improve access governance, least privilege enforcement, and automated identity lifecycle management.
  • Collaborate with internal stakeholders to ensure alignment between security governance, compliance, and business objectives.
  • Develop and implement Continuous Assurance capabilities, automating security controls to support ISO, SOC2, and other regulatory attestations.
  • Work with compliance and security teams to streamline audit processes, reducing the manual effort required for security certifications.
  • Establish automated security evidence collection for compliance reporting and stakeholder visibility.
  • Lead the Data Protection team, focusing on Data Loss Prevention (DLP) controls to protect sensitive data across Xero’s environments.
  • Ensure DLP policies are aligned with business needs, balancing security requirements with productivity.
  • Work closely with the SASE program team to integrate data security policies into Xero’s cloud and network security architecture.


Culture and people leadership
  • As required, lead, develop, and grow a high-performing team by providing coaching, mentorship, and setting a clear direction by connecting the work they do to the Technology and Xero’s strategic objectives.
  • Foster a culture of security enablement, where developers and engineers feel supported in building secure products.
  • Collaborate with cross-functional teams, ensuring governance and data security initiatives support Xero’s broader security and business strategies.
  • Champion continuous improvement, leveraging industry best practices and emerging trends to refine security approaches.
  • Promote a culture of psychological safety and inclusion, ensuring all team members feel empowered to contribute and raise concerns.


Success looks like: your team
  • Successfully manages and expands Identity Governance capabilities based on product requirements, ensuring access reviews and provisioning are efficient, scalable, and automated.
  • Ensures AWS and GCP access management is aligned with least privilege and zero trust principles.
  • Implements automation to reduce the operational burden of identity governance and compliance.
  • Delivers a Continuous Assurance framework, significantly reducing manual work for ISO and SOC2 attestations.
  • Automates compliance evidence collection, making audit and security certifications faster and more efficient.
  • Provides clear visibility into security control effectiveness through data-driven insights.
  • Successfully deploys DLP controls as part of the SASE program, ensuring proactive data security policies.
  • Works closely with security operations and risk teams to monitor and mitigate data security threats.
  • Establishes effective incident response processes for data protection violations.


Success looks like: Culture and People / Your reports
  • Clearly understand how their work contributes to Xero’s security and business success.
  • Clearly understand their areas of development and their personal growth. Feel supported in their career growth and technical development.
  • Actively collaborate with engineering teams, breaking down silos and fostering a culture of shared security responsibility.
  • Are empowered and challenged to do their best work and their skills are continuously being developed through new learnings and experiences.
  • Contribute to security knowledge-sharing across Xero, empowering product teams to take ownership of security within their domains.
  • Are recognised and celebrated for good performance, and effectively managed when performing poorly.
  • Are supported to produce the best work of their lives by your understanding and ability to remove barriers.


Critical competencies
  • Strong expertise in Security Governance, Identity Governance, Compliance Automation, and Data Protection.
  • Coach & mentor – Utilising software delivery, technical experience and expertise, offer the right knowledge, at the right time in the right way – understanding why and how people learn.
  • Growth mindset – Understand that competency is not fixed but is enhanced through dedication and hard work. Demonstrate a love of learning and resilience to adversity that is essential for great accomplishment.
  • High EQ – Self-aware, self-regulated, motivated and empathetic, with great interpersonal skills.
  • Leading/living the vision & values – Build and foster an inclusive and positive team culture. Keep the team’s vision and values at the forefront of decision-making.
  • Communicate and help others understand the importance of the vision and values. Translate the vision and values into day-to-day activities and behaviors.
  • Have a good understanding of the importance of Xero's Engineering standards and practices and are able to coach teams to adhere to them.
  • People Leadership – Demonstrate honesty and integrity. Provide clear objectives, guide career development and foster an inclusive environment that promotes psychological safety and teamwork. Clearly communicate expectations. Have an open mind and the flexibility to change opinions. Develop and support others.
  • Teamwork – Work with peers and stakeholders to establish an overall collaborative relationship.
  • Outstanding communication and time management skills.


Experience
  • Experience implementing and managing Identity Governance solutions (e.g., user access reviews, provisioning automation).
  • Experience leading Data Protection initiatives, including DLP implementations in cloud and hybrid environments.
  • Strong knowledge of SASE, Zero Trust, and cloud security principles, ensuring security is scalable and frictionless.
  • Experience in security automation, leveraging tools and platforms to reduce manual effort and improve security efficiency.
  • Proven track record of leading teams to deliver high-quality software in a fast-paced environment, leveraging Lean-Agile techniques, while managing competing priorities and ensuring alignment with strategic goals.
  • Excellent grasp of modern software delivery practices and life cycle.
  • Proven ability to balance the needs of the individual with the needs of the business.
  • Experience with coaching and mentoring.
  • Strong stakeholder management skills, with the ability to influence without authority and align security priorities with business needs.
  • Passion for developer enablement, making security accessible and empowering engineers to write secure code.


What we value
  • Challenge – Xeros dream big, lead and embrace change.
  • Beautiful – Xeros create experiences that people love.
  • Team – Xeros are great team players.
  • Ownership – Xeros deliver on our commitments.
  • Human – Xeros are authentic, inclusive and really care.




Application deadline: Open until filled


Xero

Xero online accounting software for your business connects you to your bank, accountant, bookkeeper, and other business apps. Start a free trial today.

Date Posted: July 26th, 2025
Job Type: Full Time
Location: Remote
Salary: Competitive rates
Exciting fully remote opportunity for a Team Lead Engineering - Security Governance & Data Protection at Xero. Offering competitive salary (full time). Explore more remote jobs on FlexHired!

Safe Remote Job Search Tips

Verify Employer Thoroughly

Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.

Never Pay to Get a Job

Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.

Safeguard Your Personal Information

Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.

Scrutinize Communication & Interviews

Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.

Beware of Unrealistic Offers

If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.

Insist on a Formal Contract

Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.
