One · 3 weeks ago

Cyber Risk & Compliance Manager

Remote · New Zealand

Type: Full Time
Level: Senior Level
Education: Bachelors Degree
Company size: Medium

Job Summary

Ko tō mahi – what you’ll do: Lead the Cyber Risk and Compliance team, oversee identification, assessment, and management of cyber security risks, maintain enterprise risk register, and report to senior stakeholders. Design, implement, and test security controls aligned to frameworks like NIST CSF. Ensure regulatory compliance (e.g., PCI DSS) with internal/external audits and remediation. Own and uplift cyber security policies, standards, and procedures; drive continuous improvement and maturity. Manage third-party cyber risk and lead security awareness/training initiatives. Collaborate with business units and governance forums to strengthen capability. Lead, coach, and develop a high-performing team with day-to-day people leadership.

Ko tō rourou – what you’ll bring: extensive information security experience, leadership, knowledge of NIST CSF and ISO 27001, PCI DSS compliance experience, relevant tertiary qualification in information security, ISO 27001 Lead Auditor or equivalent, CISM/CISA desirable, ability to influence stakeholders and communicate complex concepts, customer-focused mindset.

Ko mātou te rourou – what you’ll get: flexible work-from-home options and work-life balance, health insurance, lifestyle leave, employee discounts, Rainbow Tick certified and a diverse, inclusive environment.

Required Qualifications

  • Extensive experience in information security, with strong expertise in cyber risk, compliance, and audit
  • Demonstrated leadership capability with experience managing and developing high-performing teams
  • Strong knowledge of security frameworks and standards such as NIST CSF and ISO 27001
  • Experience managing regulatory compliance obligations, including standards such as PCI DSS
  • Relevant tertiary qualification in information security or a related field
  • Auditor qualifications such as ISO 27001 Lead Auditor (or equivalent)
  • Professional certifications such as CISM or CISA (desirable)
  • Ability to influence stakeholders, drive change, and communicate complex technical concepts clearly
  • A strong customer focus and commitment to embedding a customer-obsessed culture