Executive Manager Risk Control Enablement

**Executive Manager Risk and Control Enablement - Group Security, Cyber Security**

**See yourself in our team**:
The Technology Chief Controls Office (CCO) team is a Line 1 risk team responsible for supporting CBA in continuing to mature its risk culture and establish and maintain strong risk practices.

Technology CCO is responsible for providing end to end risk advice and guidance. We support our delivery teams across CommBank in their development and operation of solutions ranging across innovative product platforms for our customers to essential tools within our business.

**Do work that matters**:
The Executive Manager will lead the team accountable for the strengthening, embedding and ongoing improvement of the risk and control environment. You will be part of a dynamic team focused on delivering high-quality risk management advice for Technology Business Units. This role will work closely with cybersecurity SMEs, technologists and the business to strengthen and drive effective Cyber Security Risk Management and assist with uplifting controls and risk culture.

This role will also lead the execution of strategic initiatives within Technology CCO to improve team effectiveness and performance, drive capability uplift activity and exemplify a strong and proactive risk culture. You will act as a trusted advisor to executive management in Technology, regarding strategic planning, emerging risks and risk maturity as it aligns to the financial services sector and play a key role in ensuring risk behaviours, processes and ongoing management and prevention become part of the ways of working across all of Technology.

This role will report to the Executive Manager, Technology CCO Group Security and will support Executive General Managers (EGMs), General Managers (GMs) and Executive Managers (EMs) in providing risk support with all elements of the ORMF.

This role is required to act with independence and must have the ability to influence stakeholders by actively building and maintaining valuable relationships with:

- Group Security
- Cyber, Cloud and Technology SMEs
- Architects, Engineers, Platform Owners and Service Owners
- Line 2 Technology Risk and Compliance Teams
- Relevant Cyber, Technology, Data and Cloud related programs
- Peer BU/SU CCO teams

**On any given day you will**:

- Lead and build the professional capability of a team of experienced technology and cyber security risk professionals
- Provide expert advice to senior stakeholders to manage their risk, compliance obligations and operations within appetite
- Partner with senior stakeholders to prepare responses to issues, near misses, and emerging risks or threats to resilience
- Gather and analyse risk reports to understand risks (working with relevant support areas as appropriate) and identify emerging trends
- Work with value-chain stakeholders to ensure end-to-end oversight of the risk and control environment
- Undertake diagnostic deep dives on the risk and control environment in the portfolio identifying and implementing systemised control improvements where possible
- Drive a strong, proactive risk and controls culture across our stakeholders
- Maintain strong professional expertise in technology and risk management issues and approaches

**We're interested in hearing from people who possess a combination of the below**
- An advanced understanding and knowledge of the risk and control environment and framework with proven experience with cyber security, technology and operational risks
- CISM, CISA, CRISC, CGEIT, CDPSE, COBIT, ITIL, CISSP or other IT risk related certifications (e.g. ISO200x, PCI/DSS) holder is favourable
- Ability to lead, direct and manage a large and varied stakeholder group at all levels of seniority across Business Units outside immediate area and influence change
- Product or tooling knowledge including but not limited to Group Security (Cyber Security) specialised knowledge & experience, strong process knowledge experience
- Experience in leading and coaching a team of risk professionals
- Strategic thinking and an ability to analyse trends, identify critical threats, insights and opportunities, diagnose problems and issues and recommend appropriate actions
- Have a passion for cyber security and technology risk, remaining up to date on emerging industry trends, controls and risks.
- Strong soft skills, including stakeholders management, critical thinking, ability to provide constructive challenge and report writing
- We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you're interested in. _

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your d