Control Lead Security Posture Management

Control Lead Security Posture Management (Senior Manager)

• You are a cybersecurity risk and control professional with a background in Security Posture Management control design and implementation.

• We are one of the best and most advanced Cyber Security teams in Australia

• Together we can build the Cyber Controls Chapter Area and contribute to protecting the Group, its customers and community.

See yourself in our team:

The Cyber Controls Chapter Area plays a crucial function within the Group Security division being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group's cyber risk profile.

As a large, tech‑driven organisation serving millions of customers daily, we must continuously harden our environment against an evolving threat landscape. This role leads the enterprise‑wide Secure Configuration Management (SCM) control capability, ensuring secure baselines are defined, deployed, monitored and continuously improved across all major asset classes. You'll also provide rules‑based security posture management oversight (CSPM/SSPM/KSPM/Network/Posture-as-Code) and drive timely, risk‑informed remediation of baseline exceptions.

We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.

Do work that matters

• Providing subject-matter expertise to Technology Crew Leads and Product Owners in setting the strategic roadmap for Security Configuration Management, Cloud Security Posture Management, SaaS Security Posture Management and API Vulnerability Management capabilities,

• Overseeing control operation, and supporting delivery of control remediation to achieve target risk outcomes.

• Establishing and maintaining control standards and guidelines to align with changes in industry standards, technology strategy and threat intelligence.

• Governing the Group's compliance with Security Configuration Management control requirements and supporting the business in tracking remediation of critical security weaknesses and improvement of overall risk posture.

You will also:

• Ensure Secure Configuration and Posture Management operation adheres to the Group Operational Risk Management Framework.

• Define the control testing approach to support automated control performance monitoring.

• Carry out on-going control effectiveness assessments and drive appropriate risk remediation to address identified control weaknesses.

• Assist the Technology teams responsible for maintaining the secure posture of the Group's critical applications and infrastructure to achieve their goals.
• Maintain positive stakeholder engagement with product owners, security engineers, and adjacent cyber security teams in relation to the development and lifecycle of secure configuration baselines and posture rulesets.

We are interested in hearing from people who have:

• Hands-on experience with policy compliance and security posture tools (e.g., Qualys, Wiz, NoName, Obsidian).

• Skilled in hardening endpoints and cloud services.

• Strong understanding of system security principles and automation for continuous compliance and reporting.

Security Standards & Frameworks

• Applied knowledge of ASD ISM, NIST, CIS, and Essential Eight mitigation strategies.

• Familiarity with vulnerability prioritisation frameworks like CVSS and EPSS.

• Security certifications such as CISSP, CISM, or CRISC are highly desirable.

Threat & Vulnerability Management

• Ability to analyse threat intelligence, identify risks, prioritise vulnerabilities, and recommend mitigations.

Whether you're passionate about customer service, driven by data, or called by creativity, a career here is for you.

Our people bring their diverse backgrounds and unique perspectives to build a respectful, inclusive and flexible workplace. We are working hard to build a team of people who represent the rich diversity of our customers and communities. If you're excited about this opportunity but you don't meet every single requirement, or your experience doesn't align perfectly, we still want to encourage you to apply. You may just be the perfect candidate for this opportunity or another within CommBank.

At CommBank we will inspire you with work that makes a difference, surround you with talented people that respect and value each other, and empower you to grow professionally and personally. Most of all, making a positive impact for customers, communities and each other is part of our every day.

We're determined to make a real difference for Australia's first peoples. We encourage all interested applicants to apply. If you're already part of the Commonwealth Bank Group (including Bankwest), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career.