Cyber Defence Risk Manager
Eveleigh, NSW - 1 Locomotive Street
Commonwealth Bank
CommBank offers personal banking, business solutions, institutional banking, company information, and moreAre you a Cyber Defence specialist with technical consulting experience relevant to cyber security operations? Are you a Security Engineer, Threat Analyst or Incident Responder who is comfortable reviewing detection logic, incident response playbooks or threat hunting capabilities? Do you have system threat modeling experience or applied knowledge of DevSecOps implementation? You might be a match for who we are looking for!
See yourself in our team:
The Technology and Operations (Tech & Ops) Risk team is responsible for providing specialist Operational Risk and Compliance (OR&C) advice and assurance of decisions made across the Technology, Chief Operating Office, and Business Unit divisions.
Do work that matters:
Are you a Cyber Defence specialist with technical consulting experience relevant to cyber security operations? Are you a Security Engineer, Threat Analyst or Incident Responder who is comfortable reviewing detection logic, incident response playbooks or threat hunting capabilities? Do you have system threat modeling experience or applied knowledge of DevSecOps implementation? You might be a match for who we are looking for!
You will play a key role within the Cyber Defence Risk team as part of the Security Operational Risk function that supports Group Security. You will partner with the Executive Manager Cyber Risk to provide independent Line 2 advice and assurance and actively uplift capability across the Cyber Security SOC and App Security functions.
Key responsibilities for this role includes:
Technical:
Provide SME risk management advice to cybersecurity teams aligned to the following cyber risk management domains: Application & Service Protection, Vulnerability Management, Data Security, Cloud Security, Third Party Security, Identity & Access Management, and Cyber Defence.
Working as part of a team of professional SMEs to provide independent, pragmatic and value adding Operational Risk advice and assurance for technology and cyber risks across the Group.
Monitoring and reporting of three lines of accountability (3LoA) activities to the Executive Manager, including BAU management of the Risk Management Approach, the Operational Risk Management Framework and Compliance Management Framework in support of CPS 220.
Contributing to the oversight and monitoring of key technology and cyber risks, controls, issues, incidents, and risk-in-change.
Supporting the appropriate identification, escalation and reporting of all related technology and cyber risk and compliance matters to the relevant stakeholders, including the relevant NFRCs, your EM/GM and to the Technology and Operations CRO.
Leadership:
Work as part of a cross-skilled team that can support a range of inter-connected risk domains; speaking up and contributing to appropriate Line 2 oversight and challenge.
Provide ideas for Line 2 risk management and assurance activities, data analytics and stakeholder reporting; contribute to a culture of learning and collaboration.
Role model behaviours that are consistent with CBA values expectations and leadership principles; provide a safe workplace for all team members, customers and visitors.
Develop and maintain partnerships with stakeholders; become a trusted advisor using commercial acumen, practical recommendations; and assist the business to understand where prioritised focus on key risks and compliance matters is required.
We’re interested in hearing from people who have:
Cyber Security experience required with sound knowledge of applicable industry standards, frameworks and regulations (e.g. CPS234, NIST, ISO27001, Information Security Manual, Essential 8, OWASP, MITRE).
Preference for information security certification (e.g. CISM, CRISC, CISSP, GSEC, CompTIA, Security+, CEH).
Background in Operational Risk and Compliance with technology and cyber risk management specialties within the Financial Services industry highly regarded.
High quality written and verbal communication skills, report writing, evidence gathering and data analysis capabilities.
Stakeholder and influencing skills with the ability to proactively engage Line 1 teams and engender trust with pragmatic, commercially balanced risk advice.
A curious and humble mindset, understanding of external trends and changes, interest in continuous learning, to build risk management best practice.
Your Career:
If you live the values and demonstrate the people capabilities we can offer great opportunities. Whether you want to move across the organisation or up into a leadership role, the way you live the values and demonstrate the people capabilities are key. Use the capabilities required for this role as a guide to the critical skills and behaviours you need for your next move.
If this sounds like the role for you then we would love to hear from you. Apply today!
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.
We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.
Advertising End Date: 17/11/2024* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics C CEH CISM CISSP Cloud Compliance CompTIA CRISC Data Analytics DevSecOps GSEC Incident response ISO 27001 Monitoring NIST OWASP Risk management RMF SOC Vulnerability management
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.