Head of Security & Privacy

Education Perfect is an EdTech platform designed to empower educators and amplify their impact in the classroom. We aim to enable teachers to personalise learning at scale with a range of powerful learning, assessment, and insights tools, helping them and their students reach their full potential.

As an EPeep, you’ll work on projects that have a real impact on students' lives and have the freedom, support and resources you need to develop your skills and grow your career.

We’re looking for an experienced Head of Security & Privacy to lead how we approach information security, privacy and AI governance across our organisation. In this role, you’ll shape the strategy that protects our platform, data and the millions of students and educators who rely on our products every day. Working closely with senior leadership and teams across engineering, product and operations, you’ll embed strong security and privacy practices into how we build and operate our platform while supporting innovation in a fast-growing, cloud-native edtech company. You’ll also play a key role in maintaining our ISO 27001 certification, strengthening our security posture and ensuring we continue to deliver trusted SaaS solutions to the education sector.

What you will do

• Lead EP’s information security, privacy and AI governance strategy
• Own and maintain the Information Security Management System (ISMS), security policies and risk framework
• Maintain ISO 27001 certification and compliance with frameworks such as ST4S
• Ensure compliance with global privacy regulations including GDPR, the New Zealand Privacy Act and the Australian Privacy Act as EP’s data protection officer
• Oversee security architecture, tooling, vulnerability management and incident response
• Manage EP’s security and privacy risk register, reporting key risks to senior leadership and the board
• Develop and implement AI governance frameworks to support responsible and ethical AI use
• Lead vendor security and privacy assessments, including third-party risk management
• Drive security awareness and training programs across the organisation
• Manage external security audits and certification processes
• Lead business continuity planning, cyber insurance and risk reporting
• Partner with engineering, product and operations teams to embed security and privacy into our ways of working
• Act as a key point of contact for customers, regulators and government stakeholders on security and privacy matters

About you

• Experience leading security and privacy strategy in a cloud-native or SaaS organisation
• Strong leadership skills with the ability to influence senior stakeholders and cross-functional teams
• Deep knowledge of ISO 27001 and related security frameworks
• Relevant certifications such as CISSP, CISM, AIGP or AWS Certified Security - Specialty are highly regarded
• Strong understanding of cloud security architecture (AWS) and modern application security practices
• Experience working with DevOps environments and secure software development practices
• Experience implementing security monitoring, alerting and incident response processes
• Strong knowledge of privacy regulations including GDPR and the New Zealand and Australian Privacy Acts
• Experience with data governance, classification, retention policies and lifecycle management
• Understanding of AI risks and governance frameworks, including issues such as bias, transparency and responsible use
• Experience conducting security risk assessments, audits and compliance programs

Equitable opportunities, growth, and development lie at the heart of how we work at EP. We understand that not all applicants may possess all the following attributes so if you think you have what it takes, but are not sure you check every box, we would love to still hear from you!

What we offer

• Employee Equity Bonus Plan: Be part of our success with equity bonuses that foster ownership and shared growth across the company
• Christmas Shutdown Leave: Enjoy a full company shutdown during the week of Christmas, with 3 extra days of paid leave to bridge any non-public holidays
• Volunteer Day: All EPeeps receive one paid day per year to volunteer and give back to their communities
• Purchase Extra Leave: Opt-in to buy an extra week of annual leave, with payments spread across the year
• Work From Anywhere: Work up to 90 days per year from a different state or country—perfect for blending work and travel
• Wellness Bonus: Receive a pre-tax $750 NZD End-of-Year Wellness Bonus to support your health and well-being
• Health Insurance: Join our fully funded Southern Cross Wellbeing 1 plan ($500 excess), with optional add-ons and family cover
• Home Set-Up Support: Remote and hybrid workers may be eligible for support to set up a productive and comfortable home workspace
• Communication Allowance: Get $50 NZD/month toward your phone and internet costs if you work remotely or in a hybrid setup
• Parental Leave Support: We support growing families with up to 12 weeks of full-pay top-up for primary caregivers, 3 weeks of paid leave for secondary caregivers, and an extra 5 days of New Parents Leave for both, all available after your first 3 months. Returning primary caregivers also receive enhanced pension contributions to support their financial wellbeing.
• Employee Assistance Program: Access 24/7 confidential support via Sonder for mental health, safety and medical needs - available globally and fully funded by EP
• Learning & Development: Access engaging internal workshops, performance reviews and ongoing development discussions to grow your career
• Tenure Recognition: Celebrate your milestones with bonus leave and cash rewards at 5, 10, and 15 years of service
• Referral Bonus: Recommend great people and earn a $2000 NZD pre-tax bonus when your referral joins and passes their trial period
• Workride: Access a bike, e-bike, or scooter through a temporary pre-tax salary sacrifice, saving 32–63% thanks to tax benefits.
• EP Support Groups: Mana Wahine, DEI, Environmental Impact and Wellness Committees
• The opportunity to work within a growing global business with Diversity Works accreditation, Carbon Net Zero BCorp status, Digital Promise certification, and an unwavering commitment to our mission, people, and community

We celebrate individuality, value diversity, and understand that flexible and remote work opportunities enable our team members to work in a way that fosters creativity and inspires individual brilliance. When you work with us, you're not just joining a company - you're joining a team united by the desire to make a difference.