Manager Risk and Control Enablement – (Cyber Security)

Commonwealth Bank

Job Description

Manager Risk and Control Enablement – (Cyber Security) Permanent role

See yourself in our team:

Enterprise Services delivers the Group’s information technology and banking operations functions to ensure the highest levels of customer service through world-class process excellence and technology innovation.

To do this, Enterprise Services has a strategy with two clear goals of delivering iconic customer and employee experiences, and simplified and standardised technology and processes.

Enterprise Services is the Group’s engine room committed to delivering available, reliable, consistent technology solutions for our internal and external customers.

The Enterprise Services Controls Office consists of three key centres of excellence designed to support Enterprise Services pillars of Safe, Sound, Secure; Agility; and Performance. These teams provide non-financial risk advice and controls assurance to Enterprise Services through:

  • Implementing the risk management framework aligned to ES’ Risk Appetite and Risk Management Strategy.
  • Assisting the business to achieve compliance with Group policy, framework, legislative and regulatory requirements.
  • Acting as a Trusted Advisor thereby ensuring the business understands and is able to apply risk and compliance management strategies.
  • Supporting with issue and incident management.
  • Providing risk advisory support on key strategic initiatives and programs of change impacting the business.
  • Developing and managing key stakeholder relationships.

We partner with the Business to deliver insights to enable effective decision making and provide assurance over controls.

Do work that matters:

To proactively and effectively manage operational risks through providing insights and judgements on the risk and control environment across Cyber Security.

Your role will be key in assisting management with sound and rational risk advice and decision making. Effective management of risk is a key enabler and foundational component of the Group.

The role will report to the Senior Manager, Risk & Control Enablement, Cyber Security.

This role will build and manage productive relationships with the following individuals and groups:

  • Cyber Security and Privacy Leadership team
  • Key stakeholders across Enterprise Services
  • Enterprise Services Chief Controls Office staff and peers
  • BU/SU Chief Controls Office staff
  • Line 2 Risk and Assurance
  • Line 3 Group Audit & Assurance

A key responsibility for this role includes:

Provide Line 1 risk management support for the Group CISO, Cyber Security and Privacy team, utilising the Group’s Operational Risk Management Framework and Compliance Risk Management Framework. More specifically, the role will involve the following key activities/outcomes:

  • Deliver and complete required risk-in-change assessments for the Cyber technology component of the Privacy program.
  • Ensure compliance with the Group Risk-in-Change Standard and Procedures, and ensure records and evidence are retained in the risk tools and systems.
  • Facilitate Risk-in-Change workshops with relevant stakeholders and provide challenge where required.
  • Review and challenge the design and operating effectiveness of Cyber controls that are developed and implemented as part of the Cyber Privacy projects, and advise business leaders throughout the implementation process including Cyber Security, Chief Data Office and Privacy project teams.
  • Consult and collaborate with the Cyber Privacy team, ES Controls Office, Cyber Security, Line 2, Line 3 and other SMEs to determine the optimal course of action to remediate gaps identified within Cyber Privacy projects.
  • Identify, initiate and manage actions to mitigate risks and to strengthen controls, including issues identified through privacy, security and technology risk assessments.
  • Develop and contribute to Cyber Privacy reporting deliverables and provide insights from a risk lens for management decisions.

We're interested in hearing from people who have:

  • Cyber risk / Cyber / Privacy practitioner experience is beneficial; CISA, CRISC, CGEIT, CISM, ITIL, COBIT, CISSP or other IT Risk related certifications (e.g. ISO 2700x, PCI DSS)
  • Tertiary education in business, finance, economics, IT, or another quantitative field
  • Experience with project change risk (Risk in Change) and supplier risk functions
  • A sound understanding and knowledge of the risk and control environment and framework with proven experience with operational and compliance risks

If you are an experienced professional with a desire to take on complex work/projects then we would love to hear from you!

If you're already part of the Commonwealth Bank Group (including Bankwest), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 20/04/2021