Risk & Privacy Manager @ Hnry
Hnry
NZD 145k-185k / year
Posted on Dec 10, 2025
📍 Wellington, New Zealand
⏰ Permanent, full-time
Hnry are undergoing a period of rapid growth, and we’re looking for a pragmatic, product-savvy Risk & Privacy Manager to lead our privacy, security and compliance programmes. This is a pivotal role that keeps us safe and fast - enabling the business to move quickly while meeting our regulatory obligations.
We’re after a builder, not a bureaucrat: someone who can own our Drata instance, maintain our ISO27001 accreditation, right‑size our transaction monitoring, and partner closely with Product and Engineering to embed compliance into our products and services across NZ, AU and the UK.
🚀 Responsibilities
Own our compliance obligations: ensure we meet requirements for GDPR, the DUAA, and related regional privacy/security regulations across NZ, AU and the UK, maintaining a living compliance roadmap and risk register.
Be the owner of our Drata instance: configure controls, automate evidence collection, map ownership, tune workflows and integrations, and keep processes right‑sized so we don’t over‑burden teams.
Maintain our ISO27001 accreditation: run the ISMS, risk assessments, internal audits and management reviews; coordinate external audits and drive continuous improvement with stakeholders across the business.
Stay across Authentication & Security regulations: translate evolving requirements into pragmatic product and engineering changes (e.g. auth flows, consent, logging, data handling), balancing compliance with speed and scale.
Own our Privacy Programme: take ownership of Privacy Policies (NZ, AU, UK); manage DSRs, retention/deletion schedules, ensuring our standards meet regulatory guidelines.
Provide payment provider reporting: produce concise, accurate reporting to meet the processes of our third‑party payment providers, including high‑level summaries of fraud activity and AML/CFT screening outcomes.
Run a right‑sized Transaction Monitoring process: design, operate and continually calibrate risk‑based monitoring using available systems and tools; set rules and thresholds, review alerts, document decisions and ensure end‑to‑end coverage.
Measure and communicate: create crisp dashboards/metrics, present posture and key risks to leadership, and keep teams informed about regulatory changes and their impact on our roadmap.
🫵 You will:
Have 5+ years in risk, privacy, compliance or security (ideally in high‑growth tech/fintech), with a track record of shipping practical controls that enable the business.
Bring hands‑on experience maintaining ISO27001 (ISMS ownership, internal audits, external surveillance/recertification).
Be comfortable owning Drata (or a similar platform) - control mapping, evidence automation, integrations and workflow design.
Have working knowledge of GDPR, DUAA and regional privacy regimes across NZ, AU and the UK; able to turn legal requirements into actionable product and engineering changes.
Be technology‑literate: understand authentication concepts (e.g. SSO/MFA, OAuth2/OIDC), logging/monitoring, data flows and APIs, and enjoy pairing with Product Managers and Engineers to design solutions.
Be experienced operating or improving fraud and AML/CFT monitoring and reporting, with clear documentation and sound judgement.
Be pragmatic, grounded and outcome‑focused — you right‑size process, avoid red tape, and evolve your approach as the business scales.
Be an excellent communicator who can influence across disciplines and present complex topics simply to executives and partners.
Bonus points for the following:
Fintech/payments experience, especially working with third‑party payment providers and their reporting/assurance processes.
Certifications such as CIPP/E, CIPM, ISO27001 Lead Implementer/Lead Auditor, CAMS, CISSP/CISM (or equivalent practical experience).
Experience delivering privacy-by-design with product teams (DPIAs, DSR workflows, data retention/deletion automation).
Comfort with data - using dashboards/queries to monitor control effectiveness and investigate issues.
💪 How we work
We are a fast-moving, highly collaborative and motivated team that is growing quickly.
We have a relentless focus on the customer, and on delivering great experiences to ensure we maintain our high rate of customer referrals.
We take a data-driven approach to everything we do, making decisions based on user behaviour - constantly tweaking and optimising to improve.
We follow agile practices, delivering improvements iteratively in small chunks. We track the impact of our work and measure ourselves based on delivering measurable contributions towards agreed targets.
We encourage experimentation - whether that's experimenting with new tools or techniques, or experimenting with new channels.
We invest in our people, and provide opportunities for career growth and progression.
We work hard and we finish on time, no crazy hours.
💰 Salary banding: $145,000 - $185,000 per annum
✨ At Hnry, we operate a policy of pay parity across our organisation to ensure that all Hnry staff are fairly and equally compensated based on their contributions and experience. The salary for this role will be determined based on the applicant’s experience. ✨