Senior Manager - Compliance And Response

See yourself in our team:

Risk Management is an independent function within CommBank which is accountable for providing approval and acceptance of decisions to ensure the Group remains within its risk appetite.

The Technology and Operations (Tech & Ops) Risk team is responsible for providing specialist Operational Risk and Compliance (OR&C) advice, assurance and acceptance/approval of decisions made across the Technology, COO and Supplier Support Units.

Do work that matters:

As Senior Manager Compliance & Response you will work with the Executive Manager Compliance and Response to provide Line 2 services to Security Risk Management function that supports Group Security across both Operational Risk and Compliance.  

• Participating actively as a member of The EM Compliance and Response team, role modelling a positive risk culture.

• Your portfolio will include Line 2 support of Group Security functions. This includes CBA, Bankwest, X15 and potentially other Group Entities such as ASB.

• Provide compliance advice on APRA Prudential Standards - CPS 220, CPS 230. CPS 231, CPS 232 and CPS 234.

• Ensuring Line 2 independent advice over Line 1 effective implementation of the Risk Management Approach, the Operational Risk and Compliance Management Frameworks, and helping to uplift Compliance and risk capability.

• Assisting the Tech & Ops CRO, General Manager Security, EM and the team in ensuring a consistent and pragmatic approach to risk management in the business through:

  • Prioritization of operational risks, compliance obligations, controls and the regulatory pipeline.

  • Support the EM and relevant stakeholders in preparation for regulatory engagements and effective execution of the risk and compliance related components of the Group Security strategies.

• Contributing to the strategic direction of both the operational risk and compliance functions, including the efficiency and effectiveness of our Risk Management approaches.

Key responsibilities for this role includes:

• Work as part of a team of professional SMEs to provide independent, pragmatic and value adding Compliance advice, assurance and approval/acceptance for Group Security risks across the portfolio (in line with Line 2’s BEAR accountabilities).

• Monitoring and reporting of 3LoA activities to the Executive Manager, including BAU management of the Risk Management Approach, the Operational Risk Management Framework and Compliance Management Framework in support of CPS 220.

• Real time monitoring and advice of regulatory compliance matters, attestations and incidents to the stakeholders in relation to prudential standards such as CPS 231, CPS 232 and CPS 234

• Providing input into incident response, compliance incident assessment, regulatory submissions, incident notification, post incident review/management and other matters as required under CBA’s internal frameworks, policies and governance.

• Contributing to the oversight and monitoring of key security risks, controls, issues and incidents, risk in change and licensing and obligations, risk acceptance.

• Supporting the appropriate identification, escalation and reporting of all related security risk and compliance matters, including crisis and incident related to the relevant stakeholders, relevant NFRCs, your EM/GM and to the Technology and Operations CRO.

We’re interested in hearing from people who have:

• Background in Compliance and/or Operational Risk, including obligations from prudential standards and international regulations related to technology and cyber areas and Compliance and incident response skills. Knowledge of applying CBA’s operational risk and compliance frameworks, standards, policies and procedures.

• Background in technology, cybersecurity, business continuity management or resilience areas.

• Background in assessing compliance impact and regulatory requirements with respect to incident notification obligations such as CPS 231, CPS 232 and CPS 234.

• High quality written and verbal communication skills, report writing, evidence gathering and data capabilities.

• Stakeholder and influencing skills with the ability to engage pragmatically as a trusted but independent partner.

• A curious and humble mindset, understanding of external trends and changes, interest in learning, to build risk management best practice.

If this sounds like the role for you then we would love to hear from you. Apply today!

We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in.