Mātanga Grc Mātāmua Senior Cyber Grc Specialist

Mātanga GRC Mātāmua Senior Cyber GRC Specialist

Full-time

**Company Description**:
Z has a clear purpose: Powering better journeys, today and tomorrow. As one of New Zealand’s largest transport energy companies, we have a commitment to delivering safe, secure, and reliable transport energy - with the opportunity to deliver new journeys, with new energy solutions in a changing world.

We are proud to be the Kiwi contingent in the Ampol Group, an independent Trans-Tasman energy company, with trading offices across the globe, which are united behind our shared purpose. While many of the challenges and opportunities we face go beyond national boundaries, together we have the scale, influence, and capability to deliver for our customers, communities, and our people.

The Cyber, Risk & Governance teams' purpose is to protect Ampol Group’s reputation and social license to operate by enhancing our cyber resilience. We support Ampol Group in achieving its business goals by managing cyber and IT risks effectively and pragmatically and by adopting a proactive approach. We enable business value rather than being a barrier. Through early detection and response to cyber events, we mitigate risks and deliver business value in the face of ever-changing technologies and strategic opportunities. Additionally, we build trust in Ampol with our customers through the delivery of more secure solutions.

As a Senior Cyber GRC Specialist, you’ll be supporting the cyber security governance, risk and compliance processes across Ampol, including IT suppliers, outsourced providers, and internal IT environments. Assessing, aligning, and testing security controls to meet regulatory obligations and industry best practices.

You will have the opportunity to
- Translating strategy into action: Takes strategic direction and executes daily tasks like policy updates, risk assessments, and compliance checks.
- Managing workflows: Owns and progresses GRC tasks such as control testing, risk reviews, third-party assessments, and audit preparation.
- Conducts assessments: Leads or assists with cyber risk assessments, control gap analyses, and audits
- Maintains registers and dashboards: Keeps risk registers, control libraries, and compliance tracking tools up to date to inform reporting and oversight.
- Prepares reports and presentations: Gathers data and drafts reports for management and governance forums, giving visibility into risk posture and compliance status.
- Tracks KPIs and KRIs: Monitors performance and risk indicators, escalating deviations to the management with context and suggested actions.
- Cross-Functional Liaison: Develop strong and collaborative relationships with stakeholders across the Ampol Group including business partners, technology managers within the Technology, Digital & Data (TDD) function, and broader teams across the organization.
- Identifies improvement opportunities: Spot inefficiencies or emerging risks in the current GRC framework and proposes practical solutions
- Implements and enhancements: Once approved, drive process or control improvements with mínimal supervision.
- Team Support: Support Cyber GRC team members to foster a culture of excellence, and knowledge sharing

**Qualifications**:
What you’ll bring to Z
- A sound knowledge of industry environments, architecture, technologies, and IT services with a strong cyber risk management expertise in identifying, assessing and evaluating cyber and information risks in technology landscape.
- Good stakeholder engagement skill, with the ability to create consensus amongst key stakeholders with different views to establish a shared approach within Ampol
- Strong planning, prioritisation, organisational skills and the capacity to be flexible in balancing priorities to meet/exceed customer needs.
- Proven expertise in governance, risk and compliance either internally or from a consulting or assurance professional service firm.
- Demonstrated expertise and experience in industry regulations (e.g., Critical Infrastructure Act 2018, Privacy Act 1988), industry standards (e.g., PCI DSS), and risk and control frameworks (e.g., NIST CSF, ISO 27001).
- Proven expertise in the use of project management methodologies to assist teams in meeting deadlines and agreed outcomes.

And of course, you’ll be passionate about what matters to Z, embracing and living our values to help us deliver on our aspirations and broader commitment to Aotearoa New Zealand.

**Additional Information**:
What we can offer you
- A competitive remuneration package including short-term incentive plan, medical insurance for you and your family, enhanced employer contribution for KiwiSaver
- Generous leave provisions including enhanced sick leave, parental leave benefits and the option to buy additional leave
- The balance of hybrid working, enjoy some of your week at home and some in our welcoming office space
- The opportunity to contribute and be part of a supportive team that is here to make a diffe