Mātanga GRC Mātāmua Senior Cyber GRC Specialist

Company Description

Z has a clear purpose: Powering better journeys, today and tomorrow. As one of New Zealand’s largest transport energy companies, we have a commitment to delivering safe, secure, and reliable transport energy – with the opportunity to deliver new journeys, with new energy solutions in a changing world.  

We are proud to be the Kiwi contingent in the Ampol Group, an independent Trans-Tasman energy company, with trading offices across the globe, which are united behind our shared purpose. While many of the challenges and opportunities we face go beyond national boundaries, together we have the scale, influence, and capability to deliver for our customers, communities, and our people.

Job Description

The Cyber, Risk & Governance teams' purpose is to protect Ampol Group’s reputation and social license to operate by enhancing our cyber resilience. We support Ampol Group in achieving its business goals by managing cyber and IT risks effectively and pragmatically and by adopting a proactive approach. We enable business value rather than being a barrier. Through early detection and response to cyber events, we mitigate risks and deliver business value in the face of ever-changing technologies and strategic opportunities. Additionally, we build trust in Ampol with our customers through the delivery of more secure solutions. 
 
As a Senior Cyber GRC Specialist, you’ll be supporting the cyber security governance, risk and compliance processes across Ampol, including IT suppliers, outsourced providers, and internal IT environments. Assessing, aligning, and testing security controls to meet regulatory obligations and industry best practices. 
 

You will have the opportunity to 

• Translating strategy into action: Takes strategic direction and executes daily tasks like policy updates, risk assessments, and compliance checks. 
• Managing workflows: Owns and progresses GRC tasks such as control testing, risk reviews, third-party assessments, and audit preparation. 
• Conducts assessments: Leads or assists with cyber risk assessments, control gap analyses, and audits 
• Maintains registers and dashboards: Keeps risk registers, control libraries, and compliance tracking tools up to date to inform reporting and oversight. 
• Prepares reports and presentations: Gathers data and drafts reports for management and governance forums, giving visibility into risk posture and compliance status. 
• Tracks KPIs and KRIs: Monitors performance and risk indicators, escalating deviations to the management with context and suggested actions. 
• Cross-Functional Liaison: Develop strong and collaborative relationships with stakeholders across the Ampol Group including business partners, technology managers within the Technology, Digital & Data (TDD) function, and broader teams across the organization. 
• Identifies improvement opportunities: Spot inefficiencies or emerging risks in the current GRC framework and proposes practical solutions 
• Implements and enhancements: Once approved, drive process or control improvements with minimal supervision. 
• Team Support: Support Cyber GRC team members to foster a culture of excellence, and knowledge sharing 

Qualifications

What you’ll bring to Z 

• A sound knowledge of industry environments, architecture, technologies, and IT services with a strong cyber risk management expertise in identifying, assessing and evaluating cyber and information risks in technology landscape. 
• Good stakeholder engagement skill, with the ability to create consensus amongst key stakeholders with different views to establish a shared approach within Ampol 
• Strong planning, prioritisation, organisational skills and the capacity to be flexible in balancing priorities to meet/exceed customer needs. 
• Proven expertise in governance, risk and compliance either internally or from a consulting or assurance professional service firm. 
• Demonstrated expertise and experience in industry regulations (e.g., Critical Infrastructure Act 2018, Privacy Act 1988), industry standards (e.g., PCI DSS), and risk and control frameworks (e.g., NIST CSF, ISO 27001). 
• Sound general IT experience (application and infrastructure) including systemic knowledge of IT development, operational and change management processes and methodologies. 
• Proven expertise in the use of project management methodologies to assist teams in meeting deadlines and agreed outcomes. 

And of course, you’ll be passionate about what matters to Z, embracing and living our values to help us deliver on our aspirations and broader commitment to Aotearoa New Zealand. 

Don’t meet every single requirement? At Z we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles. 

Additional Information

What we can offer you  

• A competitive remuneration package including short-term incentive plan, medical insurance for you and your family, enhanced employer contribution for KiwiSaver 
• Generous leave provisions including enhanced sick leave, parental leave benefits and the option to buy additional leave 
• The balance of hybrid working, enjoy some of your week at home and some in our welcoming office space 
• The opportunity to contribute and be part of a supportive team that is here to make a difference 
• A chance to build your own capability through learning from some of the industry’s most knowledgeable people who have a desire to share their insights along with access to upskilling opportunities and career development across the organisation 
• Two days a year to do Good in your Hood, though our volunteering scheme, a chance for you to help others in your community in a meaningful way to you   

The base salary range for this role is $121,000 - $150,000 per annum, plus 15% STI based on company performance, a 5% KiwiSaver employer contribution and health insurance through Southern Cross.

Why Z?

Z has always been a proud Kiwi company. We’re aspirational for our future, confident of our role in Aotearoa New Zealand’s success and deeply loyal to our customers, communities and people.  

At Z we focus on achieving extraordinary outcomes by setting the appropriate context, rather than by telling our people what to do. By doing this, high performing and talented people deliver better results and are more personally fulfilled. 

We care deeply for our people while pushing them to achieve their best as individuals and collectively as an organisation. Our flexible working approach and Rainbow Tick and Gender Tick accreditations - backed by our strong company values, Tū Kaha Stand Up, Tū Maia Speak Out, Tū Kotahi Side by Side - have created an open and inclusive workplace that promotes personal development and is underpinned by a desire for our people and our communities to succeed.  

One of the things we stand for at Z is Diversity & Inclusion. It is our belief that having a diverse workforce make it possible for our people to truly be themselves and deliver on our aspirations for Z.  

We’re distinctive in our approach and if you’re up for a challenge, we’d love you to be part of it. If Z sounds like a place you believe you can add value and grow your own capability, then make sure you read Our Why. This is our founding document and provides further insights in what it means to part of the Z whānau.  

If Z feels like a good match for your head and your heart, come join us for one heck of a journey! 

Whakauru | Apply

Please include a cover letter in your application, telling us why you’re a great fit for Z. 

Applications close: Friday, 26/9/2025

Please note that we may begin shortlisting as we receive applications. We encourage early applications as we may withdraw the advertising at any time. 

To be considered for this position you must have the legal right to live and work in New Zealand.