- You are a problem solver with a strong background in cyber risk, governance and third-party security.
- We are one of the best and most advanced Cyber Security teams in Australia.
- Together we can contribute to protecting the Group, Customers and Community.
The Technology division delivers the Group’s information technology and banking operations functions to ensure the highest levels of customer service through world-class process excellence and technology innovation. Cyber Security protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk.
We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.
Your new team:
As an Information Security Governance Manager, you will be joining the Third-Party Security Team, part of the wider Data Breach and Supplier Security Division. Our primary role is facilitating the assessment of cyber risks in relation to the Group’s third parties and working with the business to ensure the risk is remediated.
The Third-Party Security Team implements, consults on, and drives a variety of complex risk and governance initiatives related to the cyber security of our third parties. The Team maintains robust governance activities and frameworks to ensure the Group’s Information Security risk and compliance objectives are being met.
Your impact and contribution:
This role has a focus on third parties, and you can expect to be engaging and working with your peers across the Group’s third-party landscape as well as like-minded Cyber Security professionals across the Group.
You will manage and consult on complex Information Security, governance, and risk initiatives that involve the third parties who engage with Commbank. This will include (but is not limited to) undertaking complex third-party assessments (utilising various tools, resources, and service providers) and supporting the Group in security negotiations with third parties as a cyber security subject matter expert.
You will also:
- Enable cyber security to meet its strategic and operational outcomes through the provision of accurate, timely and pragmatic subject matter expertise in relation to Information Security Governance and frameworks.
- Identify and assess Information Security risks in respect of third-party Information Security non-compliances, with reference to the Group’s Information Security policy framework, legal and regulatory obligations and industry best practices including (but not limited to): APRA CPS 234, PCI DSS, NIST Cybersecurity Framework, and ISO27001.
- Monitor the legislative, regulatory and policy (internal and external) landscape and provide information to key stakeholders on developments and impacts.
- Represent Cyber Security at governance forums with key third parties. This will include providing information on key cyber security concerns at these forums and developing a trusted relationship with your peers at these third parties.
We are interested in people who:
In this role you will bring your extensive experience across Security Governance and security risk management.
You have the ability to consult with the business on complex security issues to ensure the organisation’s risk and governance objectives are met.
You will bring:
- Extensive experience in a security compliance, supplier security risk management, third party risk, or a Security Governance role.
- Cyber security experience mandatory.
- Understanding of Information Security standards such as APRA CPS 234, NIST CSF, and the ISO 27000 series.
- Process improvement mindset and someone who is curious and keen to help others understand cyber security.
- Exposure to the Information Security Policy Framework or a leading financial services organisation, desirable.
- Good knowledge of technical and procedural Information Security in relation to application service providers, infrastructure, and telecommunications is highly regarded.
If this role is of interest to you, please apply directly or reach out to have a confidential discussion in more detail.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through to submit a valid application. We’re keen to support you with the next step in your career.
We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.
Advertising End Date: 11/02/2024