Third Party Security Consultant

**_You are _**_a problem solver with a strong background in Cyber Security Risk and Governance with a key focus across data minimisation. _
- **_We are _**_one of the best and most advanced Cyber Security teams in Australia. _
- **_Together we can _**_contribute to protecting the group, its customers and community. _

**Your business:
**The Technology division delivers the Group’s information technology and banking operation functions to ensure the highest levels of customer service through world-class process excellence and technology innovation. Cyber Security protects the bank and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk.

We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.

**Your new team**:
This role will be part of the Third-Party Security Team. The team’s primary role is, facilitating the assessment of cyber risks in relations of the Group’s third parties and engaging in activities to reduce the quantity of data held by third parties.

The Third-Party Security Team, implements, consults, and drives a variety of complex assessment and governance initiatives related to the cyber security of our third parties. The Team maintains a robust framework to ensure the Group’s information security risk objectives are being met.

**Your impact and contribution**:
This role has a focus on third parties, and you can expect to be engaging and working with your peers across the Group’s third-party landscape who engage with Commbank as well as like-minded Cyber Security professionals across the Group.

A key focus will be collaborating with cross-functional teams to implement **data minimisation **strategies, ensuring that third-party engagements adhere to the group’s security and related standards. This will involve, assessing data requirements, identifying opportunities to reduce Commbank’s data exposure with internal stakeholders, and working closely with third parties to enforce data minimisation practices.

You will also:

- Undertake security assessments to measure the design and operating effectiveness of the security controls of CommBank’ third parties.
- Identify and documenting supplier security risks and advising on the management of findings through to issue remediation.
- Provide reports and insights into findings arising from security assessments.
- Contribute to continuous improvement activities associate with the groups third party and data governance and date minimisation processes.

**We are interested in people who**:
Will bring previous experience working in security governance and security risk management with the key focus on data minimisation. You have the ability to consult with the business on complex security issues to ensure the organisation’s risk and governance objectives are met.

You will bring:

- **Proficient **across **data minimisation **, supporting data management solutions and services across the business.
- Experience across **cyber risk and governance **.
- Understanding in information security standards such as APRA CPS 234, **NIST CSF, and the ISO 27000 series **essential.
- **Process improvement mindset **and someone who is curious and keen to help others and looking to build a future career across cyber.
- Understanding of technical and procedural information security in relation to key third parties used by large financial service organisations.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 15/09/2024