Head of Chief Technology Office Operational Risk and Compliance

Eveleigh, NSW - 1 Locomotive Street, Australia

Commonwealth Bank

CommBank offers personal banking, business solutions, institutional banking, company information, and more


Head of Technology Compliance

See yourself in our team:

The Technology and Operations (Tech & Ops) Risk and Compliance team is responsible for providing specialist Operational Risk and Compliance (OR&C) advice, assurance and acceptance/approval of decisions made by Line 1 Technology.

Do work that matters:

The purpose of the role is to lead all aspects of Line 2 regulatory compliance for the Technology division of CBA, including ensuring that the Technology division understands its regulatory obligations and monitoring its compliance with those obligations. The role includes leading the Technology Compliance team across the following ‘run’ and ‘change’ areas.

Run:

  • Be the trusted advisor and subject matter expert for all relevant regulatory obligations applicable to the Technology division of CBA. These include, but are not limited to, the APRA Prudential Standards (CPS 231 Outsourcing, CPS 232 Business Continuity Management and CPS 234 Information Security, plus the new CPS 230 Operational Risk Management, which replaces CPS 231 and CPS 232 from 1 July 2025), their international equivalents, and general banking regulations (together, the Compliance Obligations).

  • Advise the Technology division on the applicability of the Compliance Obligations and on ways to ensure compliance with them.

  • Oversee and monitor the Technology division's compliance with the Compliance Obligations.

  • Oversee and monitor all incidents, issues, actions, matters and initiatives underway that may affect compliance with the Compliance Obligations and/or our relationship with banking regulators (e.g. APRA, ASIC, international regulators).

  • Oversee all correspondence with banking regulators as it relates to Technology. This includes ensuring quality, completeness and transparency of correspondence.

  • As a member of the Group Crisis Management Team (GCMT), respond to all P1 incidents, First Response Team (FRT) and GCMT crisis management matters to assess compliance impacts and the need to notify regulators.

Change:

  • Provide thought-leadership and participate in the strategy for Technology, as it relates to regulatory compliance.

  • Improve the efficiency and reliability of current processes related to the Compliance Obligations (such as materiality assessments).

  • Identify and implement improvements, such as automation.

Key responsibilities for this role include:

  • Providing Line 2 compliance advice for the Technology division in CBA. Advice includes interpretation, assessment and written compliance advice.

  • Leading all correspondence with APRA for Technology. This includes drafting of regulatory correspondence, including but not limited to, APRA notification letters, APRA breach letters and APRA informal/good governance correspondence.

  • Leading Incident and Issue compliance assessments.  

  • Leading assurance activities such as the annual APS310 attestations for CPS231, CPS232 and CPS234 (and later CPS230).

  • Ensuring written Materiality assessments for cloud and CBA India migrations are accurate, concise and high quality.

  • Maintaining the compliance ‘play book’ (or SOP) for attendance at, response to, and regulator notification of major incidents (HPIM/FRT/GCMT).

  • Maintaining a list of regulator notification requirements (incl. global regulations) covering system outages, cyber-attacks and major data breaches, including the applicable notification windows (for example, CPS 234 requires APRA to be notified of a material information security incident no later than 72 hours after the entity becomes aware of it).

  • Reviewing and challenging deficiencies and remediation actions related to the Compliance Obligations.

  • Drafting content for the relevant risk committees (e.g. Group Security NFRC, Technology NFRC) or the Board.

Key Stakeholders / Relationships

Build relationships with the following key stakeholders (subject to change from time to time):

  • Chief Information Security Officer and team.

  • Chief Technology Officer and team.

  • Chief Privacy Officer.

  • Chief Data Officer.

  • Cloud Office.

  • Supplier Risk (GSRA) teams.

  • Technology Risk (Line 2) counterparts.

  • Technology CCO (Line 1 risk) counterparts.

  • APRA Relationship Team (AAPRT).

If this sounds like the role for you then we would love to hear from you. Apply today!

We support our people with the flexibility to balance where work is done, with at least half their time each month spent connecting in the office. We also have many other flexible working options available, including changing start and finish times, part-time arrangements and job share, to name a few. Talk to us about how these arrangements might work in the role you’re interested in.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 02/03/2025