Control Manager Vulnerability Management

Eveleigh, NSW - 5-7 Central Ave, Australia

Commonwealth Bank

CommBank offers personal banking, business solutions, institutional banking, company information, and more

  • You are a cybersecurity risk and control professional with a background in Vulnerability Management control design and implementation
  • We are one of the best and most advanced Cyber Security teams in Australia
  • Together we can build the Cyber Controls Chapter Area and contribute to protecting the Group, its customers and community.

See yourself in our team:
The Cyber Controls Chapter Area plays a crucial function within the Group Security division, being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group’s cyber risk profile.

As an organisation with a large IT estate servicing millions of customers every day, we need to ensure effective mitigations are in place to defend our assets against an ever-evolving cyber threat environment. The Control Lead Vulnerability Management will lead a team tasked with ensuring control capabilities are in place to identify and remediate security weaknesses across the Group in a timely and effective manner.

We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.

Do work that matters
Working with the Control Lead Vulnerability Management, the Control Manager will:

  • Analyse vulnerability scan results to identify and prioritise critical security risks based on severity, exploitability, and potential business impact.
  • Work closely with technology teams to support remediation efforts and verify improved security posture.
  • Remain current with emerging threats and share knowledge with colleagues to drive continuous improvement.
  • Support the Control Lead Vulnerability Management in monitoring the Group’s compliance with the Vulnerability Management Standard.

We are interested in hearing from people who:

  • Embody the leadership principle of ‘Curious and Humble’ by being willing to speak up and challenge the status quo, and continually expanding their skills and knowledge.
  • Are knowledgeable about cyber threats and vulnerabilities relevant to server, network, and endpoint security.
  • Can analyse threat intelligence, identify potential risks, prioritise vulnerabilities, and recommend appropriate mitigations.

Technical Skills that will benefit you in the role:

  • Applied knowledge of ASD ISM, NIST, CIS and Essential Eight cyber mitigation strategies.
  • Proficiency in vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, etc.).
  • Experience with vulnerability prioritisation frameworks (e.g., CVSS, EPSS).
  • Familiarity with patch management tools (e.g., Microsoft SCCM, WSUS, Ivanti).
  • Understanding of web application vulnerabilities (e.g., OWASP Top Ten).
  • Experience with data visualisation tools (e.g., Power BI, Tableau) and proficiency in creating executive-level dashboards and reports.
  • Security certifications: CISSP, CISM, or CRISC.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 16/02/2025

Category: Leadership Jobs

Tags: Business Intelligence, CISM, CISSP, Compliance, CRISC, CVSS, Endpoint security, Monitoring, Nessus, NIST, OWASP, Qualys, Threat intelligence, Vulnerabilities, Vulnerability management

Perks/benefits: Equity / stock options, Flex hours, Startup environment

Region: Asia/Pacific
Country: Australia
