Nov 24, 2021

Security Risk & Compliance Manager

  • Canva
  • Sydney NSW, Australia

Job Description

We’re constantly working towards making Canva the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community all around the world. We celebrate uniqueness and whatever makes you, you and encourage everyone who wants to help us transform the way the world designs, to join us on this journey. We value all different types of experiences. If you don’t think you quite meet all of the qualifications, we’d still love to hear from you.  

About Us

At Canva, our mission is to democratise design and empower creativity for anyone and everyone, on every platform. Inspired by a team of talented thinkers, an amazing culture and a remarkable growth trajectory – we’re out to change the world, one design at a time.
Since launch in August 2013, we have grown exponentially, amassing over 60 million monthly active users across 190 different countries who have created more than 6 billion designs. We are one of the world’s fastest-growing technology companies and we have only achieved about 1% of what we want to do.

About the Risk & Compliance Manager

At Canva, we want to ensure that we know and understand our security risks and our compliance obligations so that decision-makers throughout the organization have the information that they need to make good risk decisions. As a Security Risk & Compliance Manager, you will be involved in a diverse range of risk management activities including consulting on projects and proposals, periodic risk reviews, and internal and external audits. You will work with staff from across the organization to identify and assess risks to Canva’s information assets as well as data that our customers have entrusted to us.
The successful candidate will have the option of being based out of our Sydney office or being fully remote within Australia.

About the Security Group

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Governance, Risk and Compliance, and Threat Detection and Response domains.


  • Actively contributing to all aspects of Canva’s information security management system.
  • Engaging with people from all parts of Canva to identify risks and to design risk treatment plans.
  • Tracking the progress of risk treatment plans and keeping Canva’s risk register up to date.
  • Performing risk and security assessments for new and existing vendors.
  • Providing support for audits and certification projects.
  • Providing risk and compliance input to teams.
  • Collating data and providing input for management reporting.
  • Identifying and implementing measures to improve the operation of risk management activities.

Required Background and Experience

  • Minimum 3 years' experience in IT operational risk.
  • Familiarity with common industry IT risk management and security certifications and standards (ISO 27001, SOC 2, PCI DSS, etc).
  • Strong verbal and written communication skills.
  • Ability to work alongside both technical and non-technical colleagues across all levels of an organisation.
  • Experience prioritising and progressing multiple tasks and projects.
  • A high level of attention to detail.
  • A continuous improvement mindset.

Beneficial Experience (not required, but helpful)

  • Familiarity with Amazon Web Services and the security offerings and controls that they provide.
  • Familiarity with FedRAMP.
  • Experience with Atlassian Jira, Confluence.
  • Experience in software development or IT operations.


  • Flexible hours and a hybrid working model which values work-life balance
  • Our very own Canva University, internal coaching, and Employee Support Programs to help you be your best
  • Unique and flexible leave options so you can recharge, give back, support others or focus on your own professional development 
  • An annual Vibe & Thrive Allowance for you to spend as you choose on personal education, wellbeing, home office, and social connection
  • Virtual and in-office fitness and yoga classes, an onsite gym, and breakfast and lunch prepared at our pet-friendly Sydney office by in-house chefs
  • Canva For Good program matches your not-for-profit donations and a range of sustainability and ethical initiatives to get involved in
  • Support for family and carers including a parental leave policy that prioritizes inclusivity, recognizing the diverse representations of modern families, and supporting work-life balance
  • And more!
We make hiring decisions based on your experience, skills and passion. If you’re keen to apply and need reasonable adjustments or would like to note which pronouns you use at any point in the application or interview process, please let us know.