Risk & Controls Analyst

About the Company

Centrapay is a payments and digital rewards business focused on changing how people pay in-store and online. The company helps brands build digital assets and loyalty programmes so customers can spend and earn rewards across different channels. Its partners include Coca-Cola, BNZ, and Farmlands, and it handles payments across New Zealand and Australia. The company’s payments platform is central to its work, and it is also developing its flagship app, Payap, to showcase its core capabilities.

About the Role

Centrapay is looking for a curious and detail-oriented risk professional to strengthen the controls and assurance environment across the business. This is a practical, hands-on position where you will help shape how risk is managed, improve reporting, and support the wider organisation as it scales.

The role involves close collaboration with engineering, product, operations, and leadership teams. You will turn technical and operational information into clear risk and control insights, and you will report to the CRO while working closely with the Senior Risk & Change Manager.

Controls & Assurance

• Contribute to the ongoing build-out of the control framework for Centrapay and Payap.
• Design and validate controls to address identified risk gaps.
• Create practical assurance methods suitable for a fast-moving fintech environment.
• Own control remediation and recurring testing activities.
• Keep supporting evidence and compliance documentation up to date.

Reporting & Data

• Prepare reporting for risk, controls, and compliance.
• Review data for anomalies, patterns, and missing or inconsistent information.
• Support governance and regulatory reporting needs.
• Help increase automation in assurance and measurement processes.

Compliance & Accreditation

• Assist with audits, accreditations, and broader compliance programmes.
• Coordinate evidence gathering across multiple teams.
• Maintain registers, databases, and compliance records.

Information Security & Third-Party Risk

• Support security risk reviews for systems and external vendors.
• Monitor vulnerability management and remediation progress.
• Run risk workshops and keep risk records current.

What Success Looks Like

• A repeatable control-testing process has been established and is actively used by the business.
• Risk and compliance reporting has become more accurate and efficient.
• More assurance and testing work has been automated.
• Strong working relationships have been built with engineering, product, and operations teams.
• You are seen as a trusted source of insight for the Risk function and leadership.

Requirements

The ideal candidate will bring at least 5 years of experience in risk management, information security, or technology risk, preferably within financial services or a regulated fintech environment. You should be comfortable working with both technical and non-technical stakeholders and be able to translate complex concepts into plain language.

You will need strong analytical and problem-solving ability, a good eye for trends and inconsistencies in data, a mindset focused on process improvement, and excellent communication skills. Prior payments experience is not essential, as training and support will be provided.

Nice to Have

It would be an advantage to have experience with ISO 27001, NIST CSF, or similar frameworks; exposure to GRC or ISMS tools; familiarity with PCI DSS, CPS 234, or open banking/CDR compliance environments; or a relevant degree or certification in risk, audit, or information security such as CISA or CRISC.

Why Join Us?

• Join a fast-growing fintech helping shape the future of payments.
• Work in a team that values innovation, collaboration, and ambition.
• Enjoy competitive compensation, growth potential, and the opportunity to make a meaningful impact.

Benefits

Centrapay places strong emphasis on culture and on building a positive, healthy workplace. The company regularly seeks employee feedback and looks for ways to improve the experience of its people.

• Flexible working arrangements.
• Office at City Works Depot in Auckland for those based there.
• 6 weeks of annual leave.
• MacBook Pro provided.
• Inclusive, open, and down-to-earth culture.
• Both in-person and online social activities.
• Sick leave available from day one.
• Free Southern Cross health insurance.
• Free life insurance.
• Additional parental leave support.

Additional Information

For more information about the company, visit Centrapay’s official website. BNZ and Centrapay are working together to advance payment innovation and expand what is possible in the sector.