Senior Manager Risk and Control Enablement

Cloud Risk and Controls Lead

Are you an experienced specialist in Cloud Computing risk with a comprehensive understanding of cloud controls? We are seeking an individual who excels in understanding the complexities of cloud risk management and can apply an operational risk management perspective to cloud computing. If your background includes roles such as a cloud computing practitioner, cloud security engineer, cloud architect, cloud vulnerability manager, or cloud incident response, and you wish to leverage your expertise to guide technical teams in the design and operation of their controls, this role is ideal for you.

See yourself in our team:

The Technology Chief Controls Office (CCO) team is a Line 1 risk team responsible for supporting CBA in continuing to mature its risk culture and establish and maintain strong risk practices.

Technology CCO is responsible for providing end to end risk advice and guidance. We support our delivery teams across CommBank in their development and operation of solutions ranging across innovative product platforms for our customers to essential tools within our business.

Do work that matters:

The Senior Manager, Risk and Control Enablement is part of the Technology CCO team that supports the Chief Technology Office (CTO) providing specialist cloud risk advice for the second pillar of our Technology Strategy, “A modern technology estate”. CTO owns and operates the Cloud Foundational platform for CBA and drives the leverage cloud as a strategic enabler lever under the Technology Strategy. 

This role is primarily responsible for ensuring that new and changing strategic initiatives are risk assessed with appropriate controls and mitigations in place. This will be achieved by identifying and assessing the key risks across multiple domains of technology, cyber security, data, AI, privacy and validating the implementation of appropriate controls.

This role reports into the Technology CCO Executive Manager Risk and Control Enablement. A team of Managers will report to this role. The role supports Technology Executive General Managers (EGMs), General Managers (GMs) and Executive Managers (EMs) in providing risk services with all elements of the ORMF.

Key responsibilities for this role includes:

• Oversee and support the business on the design and implementation of controls to enable better risk and compliance outcomes, providing guidance and advice to senior leaders on their application.

• Drive continuous improvement of the business control environment by using data to generate insights and reports.

• Lead and coach team members to conduct root cause analysis of issues and incidents, identifying and implementing control improvements.

• Set expectations and manage data quality in/maintain various databases (including RiskInSite) and provide senior business leaders with insights on monthly management reporting.

• Lead and coach extended team members to conduct technology risk assessments, advise on delivery risk and delivered risk including impact assessments, advise on the effective design of technology cloud control specifications, and validate the effective design of the controls implemented.

• Lead and build a proactive risk and control culture.

• Partner with the business to deliver pragmatic insights that enable risk based and informed decision making and provide assurance over controls.

• Accountable for ensuring risks are profiled and captured in the Risk Profile (RCSA) and updated when risk trigger events occur.

• Adhere to the Code of Conduct. The Code of Conduct sets the standards of behavior, actions and decisions we expect from our people.

We’re interested in hearing from people who have:

• Extensive experience in risk and/or control advisory in banking/financial services/professional services or other relevant sectors, and experience in Cloud, Technology, Cyber, Data/AI practitioner roles.

• Experience with project change risk (Risk in Change).

• AWS experience or AWS certification (Foundations, Solutions Architect, etc) and SaaS skill base.

• CISM, CISA, CRISC, CGEIT, CDPSE, COBIT, ITIL, CISSP or other IT risk related certifications (e.g., ISO200x, PCI/DSS) holder is favourable.

• Familiarity with APRA standards (not limited to CPS220, 230, 231, 232) or Cloud risk frameworks is favourable.

• Strong soft skills, including stakeholders management, critical thinking, ability to provide constructive challenge, report writing, etc. is desired.

If this sounds like the role for you then we would love to hear from you. Apply today!

We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in

Advertising End Date: 09/03/2025