Executive Manager Group Cyber Governance and Compliance

**Executive Manager Group Cyber Governance and Compliance**
- **_You are _**_a passionate Cyber Security Leader with strong expertise in governance, risk and compliance and a demonstrated capability to lead and develop people _
- **_We are one _**_of the best and most advanced Cyber Security teams in Australia _
- **_Together we can _**_contribute to protecting the Group, its customers and community from current and evolving cyber threats. _

**See yourself in our team**:
Our Group Security teams are responsible for providing best-in-class security, resiliency and reliability for the Group, its subsidiaries and its customers. They help keep our people and customers safe, sound and secure whilst helping us maintain our position as Australia’s most trusted Bank.

Our cyber team is committed to building leading end-to-end cyber capability, prioritizing the protection of our critical assets, instilling disciple to deliver securely at velocity and safeguarding Australians through cross-sectoral partnerships.

**Do Work that matters**:
Reporting to the General Manager Group Security Governance Intelligence & Insights, as the Executive Manager - Group Cyber Governance and Compliance, you will oversee the Group Information Security Policy Framework to ensure it is fit for purpose and aligned to internationally recognised standards. You will oversee cyber risk governance activities including risk reporting to specialist committees and Board. You will also have cyber risk management accountabilities for the Group’s international branches, as well as oversight of cyber security compliance management with domestic and international regulatory regimes.

**You will also be leading a team to**:

- Maintain the Group Information Security Policy Framework, and partner with key functions across the Group to embed requirements and extend user understanding, to drive compliance with the documented requirements.
- Implementing and maintaining governance frameworks to support the Group’s information security risk and compliance objectives and oversee robust cyber compliance processes against external domestic and international requirements.
- Monitor the legislative, regulatory and policy (internal and external) landscape and provide information to key stakeholders on the developments and impacts, including representing the Group’s information security posture in submissions to industry bodies / regulators / government departmentsReport on information security risk in respect of information security initiatives, activities, processes and metrics, with reference to the Group Information Security Policy Framework, legal and regulatory obligations and industry best practices including (but not limited to) NIST Cybersecurity Framework 2.0.
- **We are interested in hearing from people who have a**:

- Well-developed risk mindset - to the ability to proactively identify, understand, communicate and act on current and emerging cyber security risks.
- Extensive experience in running an enterprise cyber security governance, risk and compliance function including in the area of maintaining policies, standards and exceptions management.
- Previous experience with information security risk and control management frameworks and translating and implementing those within complex organisations.
- An understanding of cyber security control design, implementation and assurance testing processes.
- Experience with industry security standards such as ISO/IEC 27001, NIST CSF, E8 and COBIT 5.
- Strong negotiation and influencing skills to effectively interface with and manage key stakeholders from three lines of risk, including ability to present and translate technical information for stakeholders in other parts of the business.
- Demonstrated experience in working to tight timeframes with senior technical and non-technical stakeholders to communicate risk.
- Relevant cyber security qualifications such as CRISC, CISM, CISSP, CISA.
- Ability to lead a team of experienced professionals and build strong relationships across a diverse set of stakeholders.Understanding of domestic and international information security regulation, such as APRA Prudential Standard CPS 234, MAS TRM and HKMA Cybersecurity Fortification Initiative.

**Technical Skills**:

- Risk and Control Frameworks (Operational Risk Management Framework)

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 06/05/2025