Senior Manager Risk and Control Enablement

Eveleigh, NSW - 1 Locomotive Street

Commonwealth Bank

CommBank offers personal banking, business solutions, institutional banking, company information, and more


See yourself in our team:

The Technology Chief Controls Office (CCO) team is a Line 1 risk team responsible for supporting CBA in continuing to mature its risk culture and establish and maintain strong risk practices.

Technology CCO is responsible for providing end-to-end risk advice and guidance. We support our delivery teams across CommBank in their development and operation of solutions ranging from innovative product platforms for our customers to essential tools within our business.

Do work that matters:

The Senior Manager, Risk and Control Enablement is part of the Technology CCO team that supports the Chief Technology Office (CTO), providing specialist cloud risk advice for the second pillar of our Technology Strategy, “A modern technology estate”. CTO owns and operates the Cloud Foundational platform for CBA and drives the use of cloud as a strategic enabler under the Technology Strategy.

This role is primarily responsible for ensuring that new and changing strategic initiatives are risk assessed with appropriate controls and mitigations in place. This will be achieved by identifying and assessing the key risks across multiple domains (technology, cyber security, data, AI and privacy) and validating the implementation of appropriate controls.

This role reports into the Technology CCO Executive Manager Risk and Control Enablement. A team of Managers will report to this role. The role supports Technology Executive General Managers (EGMs), General Managers (GMs) and Executive Managers (EMs) in providing risk services with all elements of the ORMF.

Key responsibilities for this role include:

  • Oversee and support the business on the design and implementation of controls to enable better risk and compliance outcomes, providing guidance and advice to senior leaders on their application.

  • Drive continuous improvement of the business control environment by using data to generate insights and reports.

  • Lead and coach team members to conduct root cause analysis of issues and incidents, identifying and implementing control improvements.

  • Set expectations and manage data quality in, and maintain, various databases (including RiskInSite), and provide senior business leaders with insights on monthly management reporting.

  • Lead and coach extended team members to conduct technology risk assessments, advise on delivery risk and delivered risk including impact assessments, advise on the effective design of technology cloud control specifications, and validate the effective design of the controls implemented.

  • Lead and build a proactive risk and control culture.

  • Partner with the business to deliver pragmatic insights that enable risk-based and informed decision making and provide assurance over controls.

  • Accountable for ensuring risks are profiled and captured in the Risk Profile (RCSA) and updated when risk trigger events occur.

  • Adhere to the Code of Conduct. The Code of Conduct sets the standards of behavior, actions and decisions we expect from our people.

We’re interested in hearing from people who have:

  • Extensive experience in risk and/or control advisory in banking/financial services/professional services or other relevant sectors, and experience in Cloud, Technology, Cyber, Data/AI practitioner roles.

  • Experience with project change risk (Risk in Change).

  • Holding CISM, CISA, CRISC, CGEIT, CDPSE, COBIT, ITIL, CISSP or other IT risk related certifications (e.g., ISO200x, PCI/DSS) is favorable.

  • Familiarity with APRA standards (not limited to CPS220, 230, 231, 232) or Cloud risk frameworks is favorable.

  • Strong soft skills, including stakeholder management, critical thinking, ability to provide constructive challenge, report writing, etc. are desired.

If this sounds like the role for you then we would love to hear from you. Apply today!

We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share, to name a few. Talk to us about how these arrangements might work in the role you’re interested in.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 17/10/2024


Tags: Banking CISA CISM CISSP Cloud COBIT Compliance CRISC ITIL Privacy Risk assessment Strategy

Perks/benefits: Career development Equity / stock options Flex hours Team events

Regions: Asia/Pacific Europe
