Skip to main content
Posted 16 July, 2026

Information Security & Risk Manager

Walker Smith
Christchurch, CAN, NZ Full Time
Reference: fd125b52f8a45cdc

Job Description

Overview Position Description Information Security & Risk Manager (ISO 27001) Reporting to: CTO/CISO Hours: 20-30 hrs per week Part Time or Fractional Term: Permanent or Contractor Location: Christchurch, New Zealand Date: December 2025 Purpose of the Position As the iViis & Spinika group* continues to expand its client base we need a dedicated part-time role to manage the groups ISO27001 certification and audit, monitor and improve the security posture of the group, and proactively assess the threat environment to take proactive action when necessary. This position plays a key role in maintaining our credibility in market, protecting our client and staff information and reducing the risks associated with bad actors targeting iViis and Spinika. The Information Security & Risk Manager is responsible for the end-to-end management of the organisation's information security management system (ISMS), including ISO/IEC 27001 certification, audits, security incident management, internal reviews, and the continuous improvement of the security posture. This role assumes operational responsibilities typically held by a CISO and acts as the day-to-day owner of security governance, working closely with engineering, product, leadership, and external auditors. The ISO7001 program has been in place since 2013, is mature and certified. This role is to maintain the current quality and improve where practical. *iViis and Spinika share certification as they follow and apply the same program of work – iViis is the platform provider and Spinika its largest internal client. Key Responsibilities ISO 27001 ownership & certification Own and maintain the ISO/IEC 27001 ISMS Lead: Surveillance and recertification audits External auditor engagement and remediation tracking Risk register maintenance and treatment plans Ensure policies, controls, and evidence remain audit-ready year-round Translate ISO requirements into practical, business-aligned controls Security governance and risk management Maintain and evolve: Information security policies and standards Risk assessments and control effectiveness reviews Conduct periodic internal ISMS audits and management reviews Provide security risk advice into: Product development Vendor and third-party risk assessments Customer security questionnaires and due diligence Security Incident support Support the CISO during the security incident process assisting with: Incident classification and escalation Root cause analysis and corrective actions Post-incident reporting and lessons learned Continuous improvement & security programme delivery Working with the CISO to: Maintain a rolling security improvement roadmap Prioritise initiatives based on: Risk reduction Audit findings Track delivery of remediation actions and security initiatives Drive practical improvements (not just documentation) Skills, Knowledge and Attributes This section outlines the capabilities required to perform effectively at 100% in this role, including qualifications, experience, competencies, and professional behaviours valued at Spinika. Knowledge / Experience / Qualifications Strong experience in security, risk and compliance roles Hands on experience with: ISO/IEC 27001 certification and audits Running an ISMS in production (not just implementation) Experience managing: Security incidents Audit findings and remediation programmes Comfortable operating in: SaaS, technology lead professional services environments Qualifications which would be beneficial: Relevant tertiary qualification in: Information Security Computer Science Risk Management Or equivalent experience CISSP, CISM, CRISC Key Performance Indicators The position of Quality Assurance & Testing Analyst encompasses the following major functions of Key Performance Indicators: Key Performance Indicator 1: ISO27001 management The annual audit result supports a mature implementation and management of the ISO27001 program Issues identified are kept to the minor non-conformity in the main Audit issued are remediated or accepted within required timeframes Key Performance Indicator 2: Documentation and process management Security documentation is readily available and accessible for client and staff purposes Policies and procedures are maintained and reviewed annually or when changes are required Key Performance Indicator 3: Audit Facilitate meetings and responses for internal and external audit Ensure clear communication with all parties Work effectively with the auditor to assess our compliance with the standard Key Performance Indicator 4: Engineering program of work Work with the technical teams to schedule and prioritise the audit program Review and check the quality of the work undertaken Key Performance Indicator 5: Continuous Improvement Continuously assess and provide recommendations to improve the groups security posture at a governance, management and technology level Suggest enhancements to processes, workflows, or specifications. Key Performance Indicator 7: Compliance with iViis / Spinika Policies & Health & Safety Ensure adherence to all Spinika policies, including health and safety requirements Promote wellbeing and foster a positive team environment Uphold Spinikas values and culture Demonstrate responsibility for personal and team safety Milestones When you join the team, you will: Learn the iViis/Spinikas platform, modules, and configuration model. Demonstrate strong documentation and governance discipline Build effective working relationships with the development team, and internal stakeholders. Change to Job Description This Job Description outlines the main duties and responsibilities of the position. It is not an exhaustive list of all responsibilities that may be required of the role. Employees may be asked to undertake any duties reasonably requested by the employer. From time to time, changes may be required in response to evolving business needs, new technology, or updates in legislation. The Job Description may therefore be reviewed and updated accordingly. #J-18808-Ljbffr

Sign up for Job Alerts