Posted 16 July, 2026
Risk Management Analyst
Cubic Corporation
Wellington, WGN, NZ
Full Time
Reference: 5efa521cbf71691d
Job Description
Job Summary As a member of the Cubic information security team, you will provide security compliance support for production transaction processing environments, evaluating the posture of security controls and the operating environment to ensure compliance with organization security policies and controls. You will plan, execute, and assess IT compliance evaluation programs across the organization, isolate potential risks or liabilities, develop mitigation plans, and partner with external auditors to facilitate PCI-DSS, ISO 27001, and other audit efforts. Responsibilities Perform as the recognized Subject Matter Expert on security risk assessment methodology, policy, strategy, and processes. Facilitate all security audit operations, including scheduling, vendor coordination, program management, and stakeholder coordination. Coordinate with internal and external auditors and IT teams to successfully complete periodic audits. Schedule and conduct control walk‑through meetings, addressing follow‑up procedures to ensure stakeholders understand duties and responsibilities. Lead design and control reviews and assessments to support continuous compliance with security policies and standards. Manage security review processes for all solutions to ensure that their design and implementation meet compliance requirements—including PCI‑DSS, ISO27001, SOC1 & SOC2, and regional requirements such as Australian Essential8 and NewZealandNZ‑ISM. Document and actively communicate any areas where solutions and processes are not fully compliant. Identify and report significant information security risks associated with applications, development, networking, data centers, cloud, physical IT infrastructure, vendors, and other third parties. Identify stakeholders for remediation of compliance gaps and actively engage them to understand required actions. Gain acceptance of responsibility and track progress toward remediation. Manage escalation as needed if solutions are not resolved in a timely manner. Work with system operators and security subject matter experts to communicate compliance gaps and develop acceptable remediation plans. Capture compliance gaps and remediation plans in the OneTrust GRC system. Plan, review, and perform control monitoring on complex customer‑facing systems using OneTrust. Liaise and engage with Cubic customers and security teams to build positive relationships and outcomes. Support efforts to educate security management and team members in compliant IT processes and controls. Prepare and maintain process and control documentation. Translate audit findings into practical recommendations and partner with operations and engineering teams for remediation. Follow up on recommendations and appraise corrective actions taken to improve deficient conditions. Ensure that all corporate standards, SDLC, change management, and risk governance protocols are followed. Review vendor contracts and SOC reports to evaluate the impact on company controls. Coordinate with third‑party vendors where appropriate. Skills & Experience Strong written and oral communication skills in English. Proficiency with Microsoft Office solutions. Ability to collaborate effectively with team members, clients, IT management, staff, and business units in a cross‑functional, matrixed IT organization. Comfortable working with staff at all levels and in other geographical locations. Familiarity with PCIDSS4, ISO27001‑2022, and SOCI/II requirements and audits. Expert‑level experience collaborating with stakeholders and solution providers in a cross‑functional, matrixed IT organization. Ability to adapt messaging to persuade and deliver insights that relate to the wider business. Demonstrated ability to advise others on complex matters and deliver business‑focused outcomes. Advanced problem‑solving skills, applying professional knowledge to complex models and procedures. Desirable: Deep understanding of security risks and threats as they relate to the company’s operating environments. Qualifications Minimum 8years’ experience in services or IT systems in a mission‑critical setting. University degree in Computer Science, Engineering, or other technical fields, or Business Administration with relevant IT work experience. At least 5years’ experience working in IT security and/or payment card processing systems. Desirable: Relevant security or IT compliance certification (e.g., CISA, CRISC, CCSK, CISSP, GIAC, PCI‑ISA/QSA). Knowledge and willingness to learn information security best practices related to Open Payments, Mobility as a Service, data classifications, Microsoft Azure, AWS, web infrastructure security, network security tools, encryption technology, database security, operating system hardening, vulnerability assessment tools, SIEM, and FIM solutions. Candidate must reside within commuting distance of CTS offices in Wellington, NewZealand, and be able to travel within the region periodically. Condition of Employment Successful outcome of a National Police Check. Equal Employment Opportunity We are committed to creating an inclusive workplace and welcome applications from people of all backgrounds. We do not discriminate based on any protected characteristic under applicable law. Additional Information The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need. #J-18808-Ljbffr