AddressChallenger Limited is an ASX-listed investment management firm managing $105 billion in assets (as at 30 June 2023). Life with us is fast moving and always exciting. Together we're driving to deliver our vision to provide our customers with financial security for a better retirement.
We achieve this goal by providing a work environment where people from diverse backgrounds, with a range of skills and experiences can contribute and succeed.
Key responsibilities:
Business Resilience framework
- work with all areas of Challenger to ensure quality Cyber, Business Resilience plans are in place, fit for purpose and periodically tested and refreshed.
- Continue to enhance Cyber playbooks, Impact Assessments and DR processes, practices, and testing regimes to ensure risk is effectively managed and Challenger's continued compliance with regulatory requirements.
- Review the Business Resilience program with a strategic and risk-based lens to enhance capability and improve Business Resilience.
- Execute a strategic uplift program of work intended to enhance people engagement, overall testing approach and procedures, tools, and processes that ultimately drive quality data and compliance.
- Assist business owners and the crisis management team in ensuring accuracy, practicality, and exhaustiveness of their BCP/DR and Cyber documentation.
- Manage annual tests, associated preparation, and co-ordination activities with a range of business units.
- Chair of the Cybersecurity Incident Response Team (CIRT), and management of relevant simulations and tabletop exercises to be executed by the CMT.
- Other Business Resilience and Cyber duties as required.
Crisis Simulations- conduct annual crisis simulation with CMT, LT and Board and material service providers.
Disaster Recovery - oversee the regular testing of Challenger and service providers Disaster Recovery (DR) sites and back up recovery scenarios to ensure effective and well exercised (DR) processes for on-prem, hybrid and cloud services
Training / Education - train staff and leaders on crisis management, Business Resilience and cyber simulations and event management.
Compliance - ensure Challenger is compliant with relevant regulatory obligations including managing to the introduction of CPS230 and maintain compliance with CPS234, GS007 & CPS/SPS232 Audit work and APRA/ASIC/SOCI Act requirements regarding Cyber resilience.
Risk Management:
- Ensure Business Resilience and Cyber incidents and risks are addressed in a timely manner in line with the operational risk framework and BRiskWise timeframes.
- Report any exceptions to the ERMC, GRC and Board.
- Liaising with internal and external audit functions to ensure timely management and completion of audit processes. Assist in agreement of internal and external audit remediation commitments, and track any such commitments through to timely completion.
- Liaise with and educate wider business stakeholders to ensure proper representation and consideration of technology risk.
- Other risk and compliance activities as directed.
Key Capabilities including Knowledge & Skills required:
- Stakeholder management - being able to manage senior level stakeholders from the across the business, including Board and supply chain
- Business Resilience capabilities align to industry standard frameworks such as ISO 22301, NIST CSF, CPS234, ISO27001, and GS007.
- Excellent written and verbal communication skills
- Crisis Management planning and testing programs (Preferred not mandatory)
- Risk Management and Operational Resilience Experience (Preferred not mandatory)
- As applicable to the role, a working knowledge of the corporate regulatory environment, governance principles, corporate accountability and conduct frameworks and the process for managing risk.
- Experience in identifying, assessing, evaluating, and managing risks within business environment and specifically cyber resilience.
Prior experience required:
- At least 5 years working in the Information Security industry, preferably in a financial services environment
- ISO 22301 compliant BCP certification (Preferred not mandatory)
- Understanding of CPS230 and CPS / SPS 232 and Service Provider Business Continuity
- Working knowledge of IS control standards and frameworks, including ISO27001, NIST CSF, and audit report types such as SOC 1, SOC 2, ASAE3402, etc.
- Proactive in seeking and communicating opportunities to improve risk management outcomes in terms of day-to-day role responsibilities.
#LI-SA1
#LI-Challenger
We value inclusion and diversity of thought, promote flexible working practices so our people can integrate their work and personal lives, and are proud to be a Workplace Gender Equality Agency (WGEA) Employer of Choice for Gender Equality.
We believe in bringing your authentic self and a belonging in our culture. We are prideful in participating in the Australian Workplace Equality Index (AWEI) as a national benchmark on LGBTQ+ workplace inclusion and best practice in Australia. We offer the opportunity for a broad career experience and value people who are inquisitive and rigorous and are driven to make a difference.
Job type:
Permanent
Posting Close Date :
25/05/2024
