Control Lead Vulnerability Management

Salary: 100.00 -  125.00
Posted: 30-01-2025
Category: Quality Management
Council of the City of Sydney, 

Job Description

Eveleigh, NSW - 5-7 Central Ave, Australia

Commonwealth Bank: CommBank offers personal banking, business solutions, institutional banking, company information, and more.

You are a cybersecurity risk and control professional with a background in Vulnerability Management control design and implementation. We are one of the best and most advanced Cyber Security teams in Australia. Together we can build the Cyber Controls Chapter Area and contribute to protecting the Group, its customers and community.

See yourself in our team:
The Cyber Controls Chapter Area plays a crucial function within the Group Security division, being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group’s cyber risk profile.

Do work that matters:
As an organisation with a large IT estate servicing millions of customers every day, we need to ensure effective mitigations are in place to defend our assets against an ever-evolving cyber threat environment. The Control Lead Vulnerability Management will lead a team tasked with ensuring control capabilities are in place to identify and remediate security weaknesses across the Group in a timely and effective manner.

Responsibilities:
Provide subject-matter expertise to Technology Crew Leads and Product Owners in setting the strategic roadmap for Vulnerability Management control capabilities, overseeing control operation, and supporting delivery of control remediation to achieve target risk outcomes.
Establish and maintain control standards and guidelines to align with changes in industry standards, technology strategy, and threat intelligence.
Govern the Group’s compliance with Vulnerability Management control requirements and support the business in tracking remediation of critical security weaknesses and improvement of overall risk posture.
Ensure Vulnerability Management operation adheres to the Group Operational Risk Management Framework.
Define the control testing approach to support automated control performance monitoring.
Carry out annual Vulnerability Management effectiveness assessments and drive appropriate risk remediation to address identified control weaknesses.
Assist the CTO CIO for Technology and GTS Infrastructure Transformation teams, who are responsible for the operation of vulnerability remediation across the Group’s critical applications and infrastructure, to achieve their goals.

We are interested in hearing from people who:
Have strong knowledge of cyber control frameworks (NIST CSF, ASD ISM and Essential 8, ISO27001), Cyber Kill Chain (Lockheed Martin and MITRE ATT&CK Framework), risk management and regulatory requirements.
Possess excellent leadership, communication, and collaboration skills and have a proven ability to manage complex work and lead cross-function teams.
Embody the leadership principle of ‘Curious and Humble’ by being willing to speak up and challenge the status quo, and continually expanding their skills and knowledge.
Are knowledgeable about cyber threats and vulnerabilities relevant to server, network, and endpoint security.
Can analyse threat intelligence, identify potential risks, prioritise vulnerabilities, and recommend appropriate mitigations.
Have experience working with Vulnerability Management enterprise solutions and implementing patch management programs in large and complex IT environments.
Can operate effectively in an agile working environment, exemplifying high degrees of autonomy and self-initiative to achieve target outcomes.
Have demonstrated ability to engage and influence stakeholders to build rapport, obtain buy-in, and achieve target outcomes.

Technical skills that will benefit you in the role:
Applied knowledge of ASD ISM, NIST, CIS, and Essential Eight cyber mitigation strategies.
Proficiency in vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, etc.).
Experience with vulnerability prioritisation frameworks (e.g., CVSS, EPSS).
Familiarity with patch management tools (e.g., Microsoft SCCM, WSUS, Ivanti).
Understanding of web application vulnerabilities (e.g., OWASP Top Ten).
Experience with data visualisation tools (e.g., Power BI, Tableau) and proficiency in creating executive-level dashboards and reports.
Security certifications: CISSP, CISM, or CRISC.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

Advertising End Date: 01/02/2025.
