Cyber Defence Risk Manager

Job Description

Cyber Defence Risk Manager Are you a Cyber Defence specialist with an understanding of the intricacies of cybersecurity operations? We are looking for someone who excels in grasping the subtleties of cyber risk management, especially in the areas of offensive and defensive functions. If you have a background as a Security Engineer, Threat Analyst, or Incident Responder, but would rather utilise your expertise to guide technical teams than engage in hands-on analysis or incident response, this role is ideal for you. See yourself in our team: The Technology and Operations (Tech & Ops) Risk team is responsible for providing specialist Operational Risk and Compliance (OR&C) advice and assurance of decisions made across the Technology, Chief Operating Office, and Business Unit divisions. Do work that matters: The purpose of this role is to serve as an SME within the Cyber Risk team in the Tech & Ops Risk division, supporting the Group Security function. You will collaborate with the Executive Manager Cyber Defence Risk to provide independent Line 2 advice and assurance regarding the implementation of the Risk Management Approach and the Operational Risk and Compliance Management Framework. Additionally, you will play an active role in enhancing risk capabilities across the Cyber Security functions. Key responsibilities for this role include: Technical: Collaborate with and provide SME risk management advice to crews aligned to cyber domains that mainly cover: Security Engineering, Vulnerability Assessment, Cyber Attack (Penetration testing, Red Teaming etc.) and Cyber Defence. Working as part of a team of professional SMEs to provide independent, pragmatic and value adding Operational Risk advice and assurance for technology and cyber risks across the Group. Supporting the Executive Manager through monitoring and reporting on the three lines of accountability (3LoA) activities, including the Risk Management Approach, the Operational Risk Management Framework, and the Compliance Management Framework in support of CPS 220. This also involves overseeing key security risks, controls, issues, and incidents, as well as risks related to change and licensing obligations, while managing risk acceptance through data-driven BAU monitoring activities as well as periodic assurance reviews. Contributing to the oversight and monitoring of key technology and cyber risks, controls, issues, incidents, and risk-in-change. Supporting the appropriate identification, escalation and reporting of related technology and cyber risk and compliance matters to the relevant stakeholders, including the relevant NFRCs, your EM/GM and to the Technology and Operations CRO. Leadership: Work as part of a cross-skilled team that can support a range of inter-connected risk domains, speaking up and contributing to appropriate Line 2 oversight and challenge. Provide ideas for Line 2 risk management and assurance activities, data analytics and stakeholder reporting; contribute to a culture of learning and collaboration. Role model behaviours that are consistent with CBA values expectations and leadership principles; provide a safe workplace for all team members, customers and visitors. Develop and maintain partnerships with stakeholders; become a trusted advisor using practical recommendations; and assist the business to understand where prioritised focus on key risks and compliance matters is required. We’re interested in hearing from people who have: Experience in cyber security with a solid understanding of relevant industry standards, frameworks, and regulations (e.g., OWASP, MITRE ATT&CK, D3FEND, CPS234, NIST, etc.). Desirable to have a recognised information security certification (e.g., CISSP, CISM, SABSA, OCSP, etc.). Technical knowledge to collaborate with cyber teams and engage in discussions about risk remediation and prioritisation. Exposure to Operational Risk and Compliance within the Financial Services industry is valued. Effective written and verbal communication skills, including the ability to assist in report writing, evidence gathering, and data analysis. Ability to build relationships and influence stakeholders, proactively engaging with Line 1 teams while providing practical risk advice. A curious and humble mindset with an awareness of external trends and changes, demonstrating an interest in continuous learning to enhance risk management practices. Your Career: If you live the values and demonstrate the people capabilities we can offer great opportunities. Whether you want to move across the organisation or up into a leadership role, the way you live the values and demonstrate the people capabilities are key. Use the capabilities required for this role as a guide to the critical skills and behaviours you need for your next move. We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in. If this sounds like the role for you then we would love to hear from you. Apply today! If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career. #J-18808-Ljbffr