Control Lead Vulnerability Management

• You are a cybersecurity risk and control professional with a background in Vulnerability Management control design and implementation

• We are one of the best and most advanced Cyber Security teams in Australia

• Together we can build the Cyber Controls Chapter Area and contribute to protecting the Group, its customers and community.

See yourself in our team:
The Cyber Controls Chapter Area plays a crucial function within the Group Security division being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group’s cyber risk profile.

Do work that matters
As an organisation with a large IT estate servicing millions of customers everyday, we need to ensure effective mitigations are in place to defend our assets against an ever-evolving cyber threat environment. The Control Lead Vulnerability Management will lead a team tasked with ensuring control capabilities are in place to identify and remediate security weaknesses across the Group in a timely and effective manner.

Working with the Cyber Controls Chapter Area Lead and collaborating with peer Control Leads, the Control Lead Vulnerability Management will focus on:

Providing subject-matter expertise to Technology Crew Leads and Product Owners in setting the strategic roadmap for Vulnerability Management control capabilities, overseeing control operation, and supporting delivery of control remediation to achieve target risk outcomes. Establishing and maintaining control standards and guidelines to align with changes in industry standards, technology strategy and threat intelligence. Governing the Group’s compliance with Vulnerability Management control requirements and supporting the business in tracking remediation of critical security weaknesses and improvement of overall risk posture.

You will also:

• Ensure Vulnerability Management operation adheres to the Group Operational Risk Management Framework.

• Define the control testing approach to support automated control performance monitoring.

• Carry out annual Vulnerability Management effectiveness assessments and drive appropriate risk remediation to address identified control weaknesses.

• Assist the CTO CIO for Technology and GTS Infrastructure Transformation teams achieve their goals, who are responsible for the operation of vulnerability remediation across the Group’s critical applications and infrastructure.

We are interested in hearing from people who:

• Strong knowledge of cyber control frameworks (NIST CSF, ASD ISM and Essential 8, ISO27001), Cyber Kill Chain (Lockheed Martin and MITRE ATT&ACK Framework) risk management and regulatory requirements. 

• Excellent leadership, communication and collaboration skills and proven ability to manage complex work and lead cross-function teams 

• Embody the leadership principle of ‘Curious and Humble’ by being willing to speak up and challenge the status quo, and continually expanding their skills and knowledge.

• Are knowledgeable about cyber threats and vulnerabilities relevant to server, network, and endpoint security.

• Can analyse threat intelligence, identify potential risks, prioritise vulnerabilities, and recommend appropriate mitigations.

• Have experience working with Vulnerability Management enterprise solutions and implementing patch management programs in large and complex IT environments.

• Can operate effectively in an agile working environment exemplifying high degrees of autonomy and self-initiative to achieve target outcomes.

• Have demonstrated ability to engage and influence stakeholders to build rapport, obtain buy-in and achieve target outcomes.

Technical skills that will benefit you in the role:

• Applied knowledge of ASD ISM, NIST, CIS and Essential Eight cyber mitigation strategies.

• Proficiency in vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, etc.).

• Experience with vulnerability prioritisation frameworks (e.g., CVSS, EPSS).

• Familiarity with patch management tools (e.g., Microsoft SCCM, WSUS, Ivanti).

• Understanding of web application vulnerabilities (e.g., OWASP Top Ten).

• Experience with data visualisation tools (e.g., Power BI, Tableau) and proficiency in creating executive-level dashboards and reports.

• Security certifications: CISSP, CISM, or CRISC.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.