Security & Compliance Manager Opportunity

splose company

Security & Compliance Manager in AUSTRALIA

Remote 8 hours ago

About us

splose is the AI-powered practice management platform transforming Allied Health. Trusted by over 17,000 Allied Health professionals across Australia, New Zealand, and the UK, splose is purpose-built to free clinicians from admin and let them focus on what matters most: helping people. And we’re only just getting started. Backed by leading VC fund EVP and fuelled by a $5M Series A, we’re scaling fast, investing deeply in our product, our people, and our global growth.


About You

You’re a Security & Compliance professional who thrives on helping a healthcare SaaS business scale safely while meeting the expectations of customers, regulators, and partners. You have experience working with security and privacy frameworks such as ISO 27001, GDPR, HIPAA, and the Australian Privacy Act, and you know how to translate these into practical processes that enable growth rather than slow it down.


You’re hands-on and pragmatic—skilled at turning compliance requirements into lightweight, repeatable practices that fit a fast-moving SaaS company. You balance governance with agility, and you’re motivated by the challenge of working in a highly regulated healthcare environment where security and privacy are mission-critical.


About the role

Responsibilities include:

  • Drive compliance with and embed requirements from GDPR, HIPAA, and Australian privacy laws into day-to-day processes so we can scale without regulatory risk.
  • Own and evolve our Information Security Management System (ISMS) to support ISO 27001 certification and ongoing compliance.
  • Maintain a living risk register to capture, prioritise, and track security and privacy risks, giving leadership visibility and driving timely remediation.
  • Write and keep up-to-date the core security and privacy policies that guide the business, ensuring they’re practical and actually followed.
  • Coordinate external audits, penetration tests, and certifications, and make sure findings are remediated without slowing the business down.
  • Support engineers and product teams in building compliance into systems — from data handling to logging and access controls.
  • Deliver training and awareness programs that make security and privacy part of everyday culture, not just check-the-box exercises.
  • Help sales and customer success teams by responding to security questionnaires and representing our compliance posture to enterprise customers.
  • Report on compliance status, risks, and key initiatives directly to the CTO and executive team.


What you'll bring

Essential

  • 5+ years’ experience in information security, compliance, or risk management.
  • Experience implementing compliance with GDPR, HIPAA, and the Australian Privacy Act, including breach notification obligations.
  • Strong knowledge of ISO 27001 and how to run an ISMS in practice.
  • Experience managing audits, certifications, or penetration testing engagements.
  • Ability to write clear, practical policies and risk assessments.
  • Excellent written and verbal communication skills, especially for reporting to leadership and engaging with auditors/customers.
  • Ability to translate compliance into practical processes that fit a scaling SaaS environment.
  • Strong communication skills to engage with execs, engineers, and customers alike.
  • Organised and detail-oriented, but able to focus on what matters most.
  • Pragmatic and collaborative — you know how to balance compliance with the need for speed in a high-growth business.
  • Able to influence without red tape, building buy-in for security and compliance across the company.


Desired

  • Certifications such as CISM, CISA, ISO 27001 Lead Implementer/Auditor, or CIPM/CIPT.
  • Experience in healthcare tech or other regulated industries.
  • Exposure to cloud-native SaaS environments (AWS/Azure), DevSecOps practices, or security automation.
  • Comfort working with customers on security and compliance due diligence.


Location

While we’re proudly based in Adelaide, we’re a flexible, multi-city team and welcome candidates from Adelaide, Sydney or Melbourne to join us wherever you do your best work! Our teams in Adelaide and Sydney work in a hybrid environment, while our Melbourne team is fully remote for now.


How to apply

Interested candidates should apply via LinkedIn only. Please click the ‘Apply’ button, complete the prescreening questions, and attach your most up-to-date CV. If you send your application via email or direct message to any of our team, we may miss it, so please follow this process to ensure we receive your application.


Next Steps

Qualified candidates will be contacted for an initial screening call, followed by a panel interview.


Equal Opportunity Employer

splose is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. If you need support and adjustments in participating in this process, please let us know!


Recruiters: Thank you for your interest, but we are not accepting agency submissions for this role.

