Control Lead Cloud Security

This is a Control Lead Cloud Security role with Commonwealth Bank based in Sydney, NSW, AU
== Commonwealth Bank ==

Role Seniority - senior

More about the Control Lead Cloud Security role at Commonwealth Bank

Control Lead Cloud Security (Senior Manager) 

• Are you a cybersecurity risk and control professional with a background in cloud security control design and implementation? 

  • We are one of the best and most advanced Cyber Security teams in Australia. 

    • Together we can build the Cyber Controls Chapter Area and contribute to protecting the Group, its customers and community. 

See yourself in our team:  The Cyber Controls Chapter Area plays an important function within the Group Security division being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group's cyber risk profile. 

As an organisation with a large IT estate servicing millions of customers everyday, we need to ensure effective mitigations are in place to defend our assets against an ever-evolving cyber threat environment. The Control Lead Cloud Security is tasked with ensuring control capabilities are in place to identify security weaknesses and mitigate cyber threats to cloud-based asset classes (IaaS, PaaS, SaaS, containers) across the Group. 

We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.    Do work that matters   Working with the Cyber Controls Chapter Area Lead and collaborating with peer Control Leads, the Control Lead Cloud Security will focus on: 

Supporting Technology Crew Leads, Product Owners and Enterprise Architects in setting the control capability roadmap for cloud security, overseeing control operation, and delivery of control remediation to achieve target risk outcomes. 

Establishing and maintaining cloud security standards and guidelines to align with changes in industry standards, technology strategy and threat intelligence.  

Governing the Group's compliance with Cloud Security control requirements and supporting the business in tracking remediation of critical security weaknesses and improvement of overall risk posture. 

Carry out control effectiveness assessments, identify control weaknesses and drive appropriate risk remediation across business-owned cloud-based assets. 

Establish automated control performance monitoring capabilities to support cloud security assurance over business-aligned technology services. 

We are interested in hearing from people who: 

• Embody the leadership principle of 'Curious and Humble' by being willing to speak up and challenge the status quo, and continually expand their skills and knowledge. 

  • Are knowledgeable about cyber threats and vulnerabilities relevant to cloud-based technologies. 

    • Can analyse threat intelligence, identify potential risks, prioritise vulnerabilities, and recommend appropriate mitigations (Identity & Access Management, Cryptography, Secure Configuration, Data Security, Vulnerability Management, CIEM, CNAPP, CSPM, SSPM). 

      • Have experience working with cloud security enterprise solutions and implementing security tools in large and complex IT environments. 

        • Can operate effectively in an agile working environment exemplifying high degrees of autonomy and self-initiative to achieve target outcomes. 

          • Have demonstrated ability to engage and influence stakeholders to build rapport, obtain buy-in and achieve target outcomes. 

Technical Skills that will benefit you in the role: 

• Understanding of hybrid and cloud-native environments (e.g. AWS, Azure) and how security controls apply to them. 

  • Applied knowledge of ASD ISM, NIST CSF, CIS and ACSC Essential Eight cyber mitigation strategies. 

    • Proficiency in SSPM, CSPM, CNAPP, CIEM. 

      • Experience with vulnerability prioritisation frameworks (e.g., CVSS, EPSS). 

        • Understanding of web application vulnerabilities (e.g., OWASP Top Ten). 

          • Security certifications: AWS/Azure security; CISSP, CISM. 

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 21/07/2025

Before we jump into the responsibilities of the role. No matter what you come in knowing, you'll be learning new things all the time and the Commonwealth Bank team will be there to support your growth.

Please consider applying even if you don't meet 100% of what's outlined

Key Responsibilities

• Supporting Technology Crew Leads and Product Owners
• Establishing cloud security standards
• Conducting control effectiveness assessments

Key Strengths

• Cloud security control design and implementation
• Cybersecurity risk analysis
• Stakeholder engagement
• Knowledge of hybrid and cloud-native environments
• Experience with security certifications
• Familiarity with vulnerability prioritization frameworks

Why Commonwealth Bank is partnering with Hatch on this role. Hatch exists to level the playing field for people as they discover a career that's right for them. So when you apply you have the chance to show more than just your resume.

A Final Note: This is a role with Commonwealth Bank not with Hatch.

---