The Manager, Risk and Control Enablement Privacy Risk and Compliance
Sydney, NSW - CBP North, 1 Harbour Street
Commonwealth Bank
CommBank offers personal banking, business solutions, institutional banking, company information, and more.
See yourself in our team:
Group CIO Technology delivers the Group’s information technology and banking operations functions to ensure the highest levels of customer service through world-class process excellence and technology innovation.
To do this, Technology has a strategy with two clear goals of delivering iconic customer and employee experiences and simplified and standardised technology and processes. Technology is the Group’s engine room committed to delivering available, reliable, consistent technology solutions for our internal and external customers.
Do work that matters:
The Manager, Risk and Control Enablement Privacy Risk and Compliance is part of the Technology CCO team and is responsible for ensuring:
Privacy risks for any new and changing processes are assessed, awareness is raised, risk mitigations are in place, embedded and sustainable. They achieve this by assessing the effective design and implementation of controls to enable compliance and supporting the business through new and changing processes
Provide support to Technology businesses to implement regulatory engagement, regulatory changes and compliance policy changes that affect Technology
This role will work closely with stakeholders in the Group Privacy Office, Cyber, Line 2 and delivery owners across Technology. They’ll also work in partnership with the business to strengthen and drive effective privacy, compliance risk management and Group regulatory engagement to uplift controls, risk culture, and ensure we meet all regulatory requirements and practices are sustainable and embedded into BAU.
This role will report to the Senior Manager, Technology CCO Central and will support General Managers (GMs) and Executive Managers (EMs) in providing risk services with all elements of the Operational Risk Management Framework (ORMF)/Compliance Management Framework (CMF) and Group Regulatory Engagement Standard (GRES). This role is required to act with independence and must have the ability to influence stakeholders by actively building and maintaining valuable relationships with:
Privacy, Cyber and Technology SMEs
Service Owners
Chief Data and Analytics Office
Relevant Technology, Privacy and Cyber related programs
Line 2 Operational Risk and Compliance
Technology CCO peers
Group Privacy Office
Peer BU/SU CCO teams
Key responsibilities for this role include:
Oversee and support the business on the design and implementation of compliance arrangements, controls to enable better risk and compliance outcomes, providing guidance and advice to senior leaders on their application
Coach extended team members to conduct and review obligation applicability assessment, control assessments, technology risk assessments, root cause analysis of issues and incidents, identifying and implementing control improvements
Oversee and advise on effective design and implementation of compliance arrangements, controls for all new and changing processes and operations
Accountable for and provide guidance to stakeholders to ensure the correct obligation, risk and controls overlay the end-to-end process mapping and documentation management to support the compliance and control process
Partner with the business to deliver pragmatic insights that enable risk based and informed decision-making and provide assurance over controls.
Oversee and advise the business on compliance policy changes and regulatory changes
Build a proactive compliance, risk and control culture and capabilities
We’re interested in hearing from people who have:
Experience of risk and/or control advisory in banking, financial services, professional services or other relevant sector, and/or experience in Privacy, Technology, Cyber or Operational Risk practitioner roles
Experience with project change risk (Risk in Change) and change management
CISM, CISA, CRISC, CGEIT, CDPSE, COBIT, ITIL, CISSP or other IT risk related certifications (e.g. ISO200x, PCI/DSS) are favourable
Familiarity with APRA standards (not limited to CPS220, 231, 232, 234, 235) or Privacy regulations is favourable
Knowledge of Privacy and Compliance Risk frameworks would be advantageous
Good soft skills, including stakeholder management, critical thinking, ability to provide constructive challenge, and report writing
If this sounds like the role for you then we would love to hear from you. Apply today!
We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.
We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.
Advertising End Date: 25/11/2024
Tags: Analytics Banking CISA CISM CISSP COBIT Compliance CRISC ITIL Privacy Risk assessment Risk management RMF Strategy
Perks/benefits: Equity / stock options Flex hours