Title: Cyber Risk & Compliance Analyst - Third Party
Ko mātou tēnei – our organisation
At One New Zealand, our purpose is to unlock the magic of technology to create an awesome Aotearoa. We're focusing on investing more into simpler and better products and services, to make things even better for New Zealanders.
We are delighted to announce that we have been awarded a #2 ranking in Randstad’s Most Attractive Employers in New Zealand within the IT and telecommunications sectors as well as being nominated as finalists for the 2023 Retail Employer of the Year Award.
We are also proudly Rainbow Tick certified and champion diversity of thought, perspective and background. We offer a friendly and open environment with leading flexible working practices that help people maintain a personal and professional balance that works for them and their whānau.
Uia mai koe te pātai, he aha te mea nui o tēnei ao? Māku koe e ki atu he tangata, he tangata, he tangata.
“If you asked me, what is the greatest thing in this world, I would say it is people, it is people, it is people.”
Ko tō tūranga – your role
The Cyber Risk & Compliance Analyst – Third Party is responsible for identifying, assessing, and mitigating cybersecurity risks while ensuring compliance with regulatory requirements, industry standards, and internal security policies.
Ko tō mahi – what you’ll do
- Support the organization’s third-party cybersecurity risk management framework, which includes providing, conducting & reviewing vendor security risk assessments (new & ongoing).
- Manage escalations of high and very high risks as required, liaising with the business in the risk acceptance process as per the Cyber Risk Management Framework, and implementation of vendor mitigations.
- Work with vendors & One NZ business owners to reduce cyber risk.
- Implement efficient processes for continuous security monitoring of vendors to proactively ensure vendors' security posture does not reduce during the lifetime of the contract.
- Ensure third-party vendors are compliant with relevant regulatory and compliance requirements (e.g., ISO 27001, NIST, PCI-DSS, SOC 2, etc.).
- Assist in the review of vendor contracts in line with One NZ Security Policies.
- Assist in the review of the Supplier Information Security Policy and any related Security standards.
- Provide guidance & training for business units to support the third party risk management program.
- Work with Procurement to ensure 3rd Party Risk management is effective throughout the lifecycle of the contract.
- Champion and execute updates to existing reporting and 3rd party risk technology framework to reduce risk and enhance efficiency.
- Support regulatory, internal & external audits/reviews where cyber security inputs are required.
- Assist in conducting the cyber controls assurance testing to assess adherence to the One NZ cybersecurity policies, utilising the One NZ cyber security framework.
Na tōu rourou - what you’ll bring
- Embed a customer-obsessed culture within the team through relentless customer focus
- 3-5+ years industry experience in information security
- Relevant tertiary qualification
- Knowledge of cyber security principles and frameworks (e.g. NIST, ISO27001, PCI DSS)
- Excellent communication and stakeholder management abilities
- Professional qualifications or training such as CISM desired.
Nā mātou te rourou – what you’ll get
- One New Zealand is leading the way by ensuring you can have a truly balanced life. Most roles allow flexibility to work from home and flex your hours to enjoy work & family commitments.
- A fully subsidised Southern Cross health insurance cover for you and your family.
- KiwiSaver employer contribution
- Laptop, unlimited data plan, market leading cell-phone for business or personal use.
- Lifestyle leave where you can purchase an extra week or two of annual leave.
- Discounts on One New Zealand products, services and much more!