- Experience
- 2–3 yrs
- Salary
- NZD 91,250 – NZD 115,000 / year
- Openings
- 1
- Posted
- 12 hours ago
- Work mode
- In office
- Eligibility
- Applicants with relevant GRC, IT audit, or security operations experience are encouraged to apply. Auror also welcomes candidates who may not meet every requirement but are close to the role and eager to grow.
- Resume
- Required to apply
Where you'll work
Job description
About the Company
Auror builds technology that helps retailers fight theft and organised retail crime, a global problem worth an estimated $150 billion. The company was established in New Zealand 12 years ago and now works with major retail brands across the US, Canada, Australia, New Zealand, and the UK. Its mission is to cut violent retail crime by 50% within five years by connecting people and intelligence to help reduce crime more effectively.
Auror also values responsible use of AI to improve customer support, trend detection, and internal processes. Team members are encouraged to explore how AI can improve their work, no matter their function.
Role Overview
As a GRC Analyst in the Security Compliance & Customer Trust team, you will handle the daily operations that keep Auror’s compliance programme moving and customers confident in the company’s security posture. The main focus of the role is questionnaire operations: managing the intake queue, keeping the answer library current, and preparing initial responses so work is accurate and completed quickly. You will also assist with SOC 2 readiness, Vanta administration, and Trust Centre content under the direction of the GRC Lead.
You will report to the Senior Director of Information Security and work closely with Sales, Customer Success, and Engineering. The position calls for strong written communication, ownership, and the ability to stay organised while handling multiple priorities and deadline pressure in support of customer deals.
Key Responsibilities
- Manage incoming security questionnaires by logging requests, tracking due dates, maintaining a live status view, and escalating delivery risks to the GRC Lead.
- Keep an updated library of approved responses covering security controls, data handling, subprocessors, and incident response, with the goal of covering most standard questions without additional review.
- Prepare first-draft answers for standard questionnaires such as SIG Lite, CAIQ, and customer-specific formats using the response library and current control documents.
- Track progress against completion targets and surface any timeline risks early.
- Support SOC 2 audit preparation by helping coordinate the readiness schedule, including evidence collection windows, policy reviews, and vendor reviews.
- Maintain alerts and vendor records in Vanta to support continuous compliance and future audit work.
- Create and monitor Linear tickets for remediation items or inputs needed from other teams, and follow up to keep work from stalling.
- Assist with annual audit activities by gathering and organising evidence, tracking audit-related tasks, and storing materials for future reference.
- Prepare documentation for review and inclusion in the Trust Centre, ensuring it stays accurate and aligned with the current control environment.
Requirements
- 2 to 3 years of experience in GRC, IT audit, or security operations.
- Working knowledge of SOC 2 trust service criteria.
- Hands-on experience with questionnaire platforms such as Conveyor, Responsive, RFP360, or similar tools, or a strong willingness to develop that capability.
- Exposure to Vanta or a comparable compliance automation platform is preferred.
- Excellent written communication skills, as this role is often the first point of contact for customer security questions.
- A structured, process-driven approach with strong ownership of deadlines and comfort managing competing priorities.
- Ability to collaborate effectively with Sales and Customer Success in a deal-cycle environment.
- Curiosity, humility, openness to feedback, resilience after setbacks, and a willingness to adapt.
- A collaborative mindset that builds trust, invites constructive challenge, and supports accountability across the team.
- Alignment with Auror’s guiding principles.
Benefits and Perks
- Competitive pay between NZ$91,250 and NZ$115,000, with the level depending on experience.
- Annual bonus eligibility of NZ$2,200 if revenue goals are achieved.
- Employee share scheme giving you ownership in the business.
- Flexible working culture focused on outcomes and a healthy work-life blend.
- Shorter work weeks with Friday afternoons off at full pay.
- 100% coverage of an individual nib health insurance plan.
- Wellness support, including Wellness Days and up to NZ$750 per year for expert sessions.
- Paid parental leave from day one: 12 weeks for birth parents and 6 weeks for non-birth parents after birth, adoption, or surrogacy.
- Support for courses, conferences, and events that build your skills.
- Regular team lunches and social activities, usually held during work hours.
Additional Information
Auror is committed to diversity and inclusion and welcomes applicants of all backgrounds, including race, gender, sexual orientation, family status, religion, ethnicity, national origin, disability, veteran status, and age.
Applicants are encouraged to apply even if they do not meet every requirement, as the company values growth and learning. A cover letter is optional but recommended, and candidates should be prepared to share what draws them to the role. After applying, the team will acknowledge the application and can help with any accessibility needs.
This position reports to Scotland Symons, Senior Director of Information Security, who brings twenty years of experience in technology and security and leads Auror’s work to secure the platform, code, and customer protections.
Compensation range: NZ$91,250 to NZ$115,000.
The job is based onsite in Auckland, New Zealand.