Information Security Risk & Compliance Manager
Genesis is New Zealand's largest energy retailer, supplying electricity, natural gas and LPG to more than 600,000 customers across the country and providing almost 20% of New Zealand's electricity. We're embarking on a transformational journey to re-imagine energy, with the industry experiencing big changes driven by customer demand and technology. With that drive for technology, we need to ensure we have robust operational processes and people that are skilled and prepared to reduce the risk to our Information Assets.
About the role:
As the Information Security Risk and Compliance Manager, you will provide guidance and expertise on governance, risk and compliance and security frameworks to maintain Information Security policies and guidelines to comply with applicable standards, legislation and regulation.
Maintain and drive a program of security awareness across the organisation, ensuring relevant topics are discussed on a regular basis and information is shared across multiple channels to gain the best possible coverage.
Create robust, scalable programs to deliver policy and compliance objectives in product areas and general technical infrastructure.
Support the development and maintenance of security plans, policies, procedures, standards, and guidelines aligned to best practice industry frameworks.
Provide guidance and expertise on governance and security frameworks to maintain Information Security policies and guidelines to comply with applicable standards, legislation and regulations.
Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
Define and perform internal control assessments (e.g. ISO27001) to identify opportunities for improvement and drive the development of action plans with stakeholders.
Embed the security function as a component of every business function. Liaise closely with the Information Security team and deliver robust and understandable presentations across the business.
Minimum 5 years' experience in IT Security Management, ideally in a similar or complex industry.
Experience with security policy, standards, and controls definition.
Hands-on experience performing and evaluating risk assessments.
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
Knowledge of, or experience working with Cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS) services and Cloud infrastructure.
Along with your technical background, you will bring an engaging style, able to easily discuss all things security and compliance across the business. You'll be a fresh thinker, effortlessly juggling a continuous improvement culture while mitigating security risks.
At our heart, we're a people company. The quality of our operational, safety and financial performance relies strongly on the well-being, capabilities and performance of our employees. Working here means you'll be part of a dynamic and diverse environment, working alongside committed and talented people, who are all encouraged to reach their full potential.
Our objective is to create and support an engaged culture by setting up our employees to succeed. We reward our staff with a strong remuneration and benefits package, a collaborative, fun culture, flexible working (hours, location, leave) and ongoing development opportunities to name a few. There isn't a one size fits all, so talk to us today about what'd make this role work for you.