Senior Audit Manager, Tech & Cyber Audit

“At CommBank we are proud to support flexibility, let’s discuss what this means for you”

The Commonwealth Bank of Australia (Bank) is Australia's leading provider of integrated financial services. They are committed to continuously improving governance practices and ensuring that they are aligned with business, stakeholders and customers’ needs. Group Audit and Assurance (GA&A) are the internal audit function for the Group. Their primary purpose is to provide independent and objective assurance of the effectiveness of the Groups risk management, controls and governance processes. 

Evolving customer expectations, competitive threats and pace of change require GA&A to support the business with new insights and risk coverage that puts customers first and to continue to provide insightful assurance to the Board. As digital technology disrupts and transforms entire industries and ways of working, GA&A is committed to keeping pace and continually reimagining themselves with the latest global best technology and innovation.

Over the last three years GA&A has increasingly embedded digital assurance into audit activities, injecting Artificial Intelligence (AI) into routine control testing and using digital tools to improve the overall experience for employees. 

By reducing administrative overhead, GA&A have increased their teams capacity for high value judgement-based activities and expanded their support to include sharing knowledge and tools that create better risk coverage across the Bank for all Three Lines of Assurance. With global-best digital tools that harness the power of data, analytics and AI, GA&A are delivering smarter, faster and safer outcomes to address current and emerging risks and provide better assurance outcomes for our customers and community. GA&A was recognised as an ABA100 winner for both Risk Management and Business Innovation in The Australian Business Awards 2023.

See yourself in our team

The Technology and Cybersecurity audit team within the GA&A department provides coverage over the technology portfolio as well as critical projects and IT suppliers across the Bank. The team is structured as a shared service model to provide a centre of excellence for IT audit assurance to the business audit teams.

GA&A works closely with senior management and staff across all divisions of the CBA Group, and the external auditors, but maintains independence as part of the corporate governance role.

Your contribution will add value by:

• Cultivating a dynamic environment to enable focus on key issues and the details that come with it

• Contributing to high quality audit reports focused on the Group’s technology and cybersecurity controls

• Aiding our stakeholders to make a difference to their business and that protects the Group and our customer

Your responsibilities

• Demonstrate a general understanding of diverse IT systems and technology concepts and manage and lead the delivery of IT audits within agreed timeframes and in line with the GA&A Audit Methodology

• Interview customers and conduct process walkthroughs to understand the risk and control environment as well as test key controls by gathering relevant audit evidence and interpreting data and document test plans, results and conclusions clearly and concisely

• Effectively manage stakeholders, timelines and communication

• Integrate knowledge and assurance provided by other Line 1-2 risk functions and the External Auditors when undertaking audit fieldwork

• Foster a culture of continuous improvement by sharing knowledge and best practices. In line with CBA Internal Audit Methodology, oversee effective and efficient planning and delivery of audits and assist your Executive Manager in building a dynamic, risk-based Audit Plan to appropriately capture key and emerging risks.

• Effectively support, supervise, and deliver assigned scope areas of the audit from Planning, Fieldwork, Reporting, and through to audit closure including administration of key audit stage-gates in the audit electronic workflow system.

• Solve problems by applying innovative thinking and actively participate in processes to capture and act on innovation ideas, to improve the way we work.

• Draft issues and agree the factual accuracy and ratings with stakeholders, as well support the Executive Manager in preparing simple, pragmatic, and easy to read audit reports and issue logs.

• Create and develop independent and objective relationships within GA&A, the Bank and externally to enable effective knowledge sharing and collaboration.

Your skills & experience

• Extensive understanding and experience in cloud and engineering practices, including secure code management, build, test, and deployment practices in cloud environments.

• Strong knowledge of IT areas such as containers, network security, CI/CD, engineering, AWS IAM, and Kubernetes.

• Experience in auditing cloud-based environments is highly desirable.

• Experience with AI is also highly desirable.

• Excellent leadership and interpersonal skills, with the ability to collaborate and influence work cross-functionally, navigating ambiguity while managing multiple audit engagements or priorities simultaneously in a fast-paced, environment, accepting accountability of the process and delivering on commitments.

• Strong communication (written and verbal) and senior stakeholder engagement with the ability to present and influence senior management.

• Capacity to work to a timetable and ability to meet objectives and targets.

Your qualifications

• Tertiary qualification in Computer Science, Information Technology product related fields.

• Typically requires 7+ years auditing or relevant experience.

• Professional certifications such as AWS Certified Solutions Architect, Azure Solutions Architect, or Google Cloud Certified Professional preferred.

• Extensive experienced in auditing IT controls with a strong knowledge of areas such as IT security, Software development, Application controls, Identity and access management and Systems resilience.

• Familiarity with audit methodologies, risk management frameworks, and regulatory requirements (e.g., GDPR, PCI DSS, SOC 2) - Desirable

• Strong analytical skills, attention to detail, and problem-solving abilities.

Your development

If you live the values and demonstrate the people capabilities, we can offer great opportunities. Whether you want to move across the organisation or up into a leadership role, the way you live the values and demonstrate the people capabilities are key. Use the capabilities required for this role as a guide to the critical skills and behaviours you need for your next move.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.