Privacy Risk and Compliance Manager

23 hours ago


Sydney, New South Wales, Australia Commonwealth Bank Full time $120,000 - $180,000 per year

See yourself in our team:
Group CIO Technology delivers the Group's information technology and banking operations functions to ensure the highest levels of customer service through world-class process excellence and technology innovation.

To do this, Technology has a strategy with two clear goals of delivering iconic customer and employee experiences and simplified and standardised technology and processes. Technology is the Group's engine room committed to delivering available, reliable, consistent technology solutions for our internal and external customers.

Do work that matters:
The Manager, Risk and Control Enablement Privacy Risk and Compliance is part of the Technology CCO team and is responsible for ensuring:

  • Privacy risks for any new and changing processes are assessed, awareness is raised, risk mitigations are in place, embedded and sustainable. They achieve this by assessing the effective design and implementation of controls to enable compliance and supporting the business through new and changing processes
  • Provide support to Technology businesses to implement regulatory engagement, regulatory changes and compliance policy changes that affect Technology

This role will work closely with stakeholders in the Group Privacy Office, Cyber, Line 2 and delivery owners across Technology. They'll also work in partnership with the business to strengthen and drive effective privacy, compliance risk management and Group regulatory engagement, to uplift controls and risk culture, and to ensure we meet all regulatory requirements and that practices are sustainable and embedded into BAU.

This role will report to the COE Lead Privacy & Compliance, Technology CCO Central Domain and will support General Managers (GMs) and Executive Managers (EMs) in providing risk services with all elements of the Operational Risk Management Framework (ORMF), Compliance Management Framework (CMF) and Group Regulatory Engagement Standard (GRES). This leadership role is required to act with independence, work with ambiguity and must have the ability to influence stakeholders by actively building and maintaining valuable relationships with:

  • Privacy, Cyber and Technology SMEs
  • Technology Application Owners
  • Chief Data and Analytics Office
  • Relevant Technology, Privacy and Cyber related programs
  • Line 2 Operational Risk and Compliance
  • Technology CCO peers
  • Group Privacy Office
  • Peer BU/SU CCO teams

Key responsibilities for this role include:

  • Deliver and support Technology BU / SUs on Privacy Impact Assessments (PIAs), Privacy Risk matters and Regulatory Changes to enable better risk and compliance outcomes
  • Share learnings and coach team members to conduct best practice privacy assessments, review obligation applicability assessment, control assessments, technology risk assessments, root cause analysis of issues and incidents, identifying and implementing control improvements
  • Deliver and advise on effective design and implementation of controls for all new and changes to processes and operations for Privacy and Compliance
  • Partner with the business to deliver pragmatic insights that enable risk based and informed decision-making and provide assurance over controls
  • Advise and articulate business impacts to stakeholders on privacy and compliance policy changes and regulatory changes
  • Drive continuous improvements and champion a learning mindset to enable a future-fit workforce
  • Build a proactive and high performing culture and capabilities for compliance, privacy, risk and controls

We're interested in hearing from people who have:

  • Experience of risk and/or control advisory in banking, financial services, professional services or another relevant sector, and/or experience in Privacy, Technology, Cyber or Operational Risk practitioner roles
  • Experience with project change risk (Risk in Change) and change management
  • Holding CISM, CISA, CRISC, CGEIT, CDPSE, COBIT, ITIL, CISSP or other IT risk related certifications (e.g. ISO200x, PCI/DSS) is favourable
  • Familiarity with APRA standards (not limited to CPS220, 231, 232, 234, 235) and Privacy regulations is favourable
  • Strong knowledge of Privacy and Compliance Risk Frameworks
  • Excellent stakeholder management, communication skills, critical thinking, problem-solving skills and ability to provide constructive challenge
  • Ability to adapt to working in complex environments with ambiguity to deliver consistent high quality business outcomes

If this sounds like the role for you then we would love to hear from you. Apply today.
We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you're interested in.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on

Advertising End Date: 23/10/2025


