Stuff is seeking a Principal Security Analyst to take ownership of security governance across the Group. This is a newly created role with a broad mandate to protect our products, platforms and audiences while enabling the business to innovate and move quickly.

You will be the Group’s dedicated security expert, working across Stuff Digital, Masthead Publishing and Stuff Group to define security standards, manage risk, and guide leaders on how to build security into everything we do.

This is a strategic, high-impact role for someone who can translate complex security risks into clear business decisions. You will also be expected to embrace emerging AI tools as a genuine force multiplier, using them to extend your own capability and deliver security outcomes at scale.

The Stuff you’ll do:

• Lead security governance across the group, setting policies, standards and clear accountability.

• Own incident response and resilience, managing security incidents and strengthening our response capability.

• Oversee compliance and risk, ensuring we meet obligations including PCI DSS and the NZ Privacy Act.

• Drive continuous security improvement, identifying vulnerabilities and prioritising remediation across platforms.

• Partner with teams across the business, embedding security into product, platform and vendor decisions.

• Use AI to scale impact, leveraging modern AI tools to enhance monitoring, reporting and security workflows.

About you

You are a highly credible security professional who knows how to build programmes that work in fast-moving digital organisations. You actively embrace AI tools not to replace judgement, but to massively extend what you can see, do, and deliver.

You combine deep technical knowledge with strong strategic judgement, and you're comfortable advising senior leaders on risk, governance and investment decisions.

The Stuff you’ll bring:

Essential

• Degree in Information Security, Computer Science or a related discipline (or equivalent experience)

• At least 5 years’ experience in cybersecurity, including governance, strategy or advisory roles

• Proven experience improving or maturing an organisation’s security posture

• Strong knowledge of frameworks such as ISO 27001 or NIST CSF

• Experience managing compliance obligations including PCI DSS and the NZ Privacy Act 2020

• Experience designing and running incident response programmes

• Strong stakeholder management and ability to communicate with senior leaders

• Demonstrated hands-on experience using agentic AI tools (e.g. Claude, Copilot or similar) in a professional environment

• Experience working with cloud platforms such as AWS, GCP or Azure

Desirable

• Security certifications such as CISSP, CISM or CISA

• Experience in media, publishing or digital platform environments

• Knowledge of DevSecOps and integrating security into CI/CD pipelines

• Experience with AI governance and security for AI-enabled products

• Experience managing PCI DSS compliance in partnership with finance teams

This is a rare opportunity to build something from the ground up — shaping how one of New Zealand's most influential digital organisations thinks about security, at a moment when AI is changing what one person can accomplish. If you thrive with autonomy, work best when you're genuinely trusted, and want your tools to be as sharp as your thinking, we'd love to hear from you.

Think you can do the job? Then apply now and start your journey with Stuff today.

Ka oti rānei i a koe tēnei mahi? Kāti, tono mai ināianei kia tīmata ai tō haerenga me Stuff i tēnei rā.

Stuff champions inclusion. Be it gender, ethnicity, beliefs, abilities or experiences - we know that diversity brings another lens through which we all learn, connect and grow.

E kōkiri nei a Stuff i te whāinga kia whai wāhi ai te katoa. Hāunga te ira, te iwi, ngā whakapono, ngā āheinga, ngā wheako rānei o te tangata - e mōhio nei tātou mā te kanorau e whai tirohanga hou ai, e ako ai, e tūhono ai, e whanake anō ai tātou katoa.

As we are committed to creating a workplace that reflects the diverse communities in New Zealand, we will always invite and encourage applications from people of all genders, ethnicities, disabilities and ages. We are committed to providing equal employment opportunities for all.

Nā runga i tā mātou ū ki tētahi taiao mahi e whakaatu ana i te kanorau o ngā hapori i Aotearoa, i te ao, i te pō, ka pōhiringia, ka ākina anō ngā tono mahi a te marea whānui, hāunga te ira, te iwi, te hauātanga, te pakeke rānei. E ū nei mātou ki te whai kia wātea ai ā mātou ara whai mahi ki te katoa i runga i te mana taurite.

Disclaimer: Stuff does not accept unsolicited agency resumes. Stuff is not responsible for any fees related to unsolicited resumes.