Senior Audit Manager role (Cloud and Engineering)

• Shape the Future of Tech Assurance
• Advise at the Highest Level
• Innovate with Purpose

Do work that matters:

In Financial Services, we support the Group’s strategy of building tomorrow’s bank today for our customers, through a focus on three key priorities of trust, resilience, and capital generation. Financial Services partner with all areas of CommBank to specialist advice, support and services in finance, audit, treasury, property, procurement, climate strategy and investor relations.

The Commonwealth Bank of Australia (Bank) is Australia's leading provider of integrated financial services. They are committed to continuously improving governance practices and ensuring that they are aligned with business, stakeholders and customers’ needs. Group Audit and Assurance (GA&A) are the internal audit function for the Group. Their primary purpose is to provide independent and objective assurance of the effectiveness of the Groups risk management, controls, and governance processes. 

Evolving customer expectations, competitive threats and pace of change require GA&A to support the business with new insights and risk coverage that puts customers first and to continue to provide insightful assurance to the Board. As digital technology disrupts and transforms entire industries and ways of working, GA&A is committed to keeping pace and continually reimagining themselves with the latest global best technology and innovation.

Your Team:

The Technology & Cyber team is responsible for auditing the technology platforms, processes, and applications that support the bank meet our customer’s needs. As new technology continues to disrupt or threaten to disrupt how these platforms are built, secured and run we are seeking a specialist to help evaluate these emerging technologies and how they will impact the bank, and to assist in developing approaches to audit these new technologies.

Your Impact:

Your role is to support the Group Chief Technology Officer, Executive Leadership Team, and the Board in making efficient and confident decisions on the impact of emerging technologies and inform them on the suitability of strategies to utilise these emerging technologies and effectiveness of controls to manage them. The role requires deep technical expertise, a strong understanding of risk and control frameworks, and the ability to assess the design and operational effectiveness of IT controls, governance mechanisms, and security postures within modern technology environments.

This role is challenging and dynamic, requiring you to apply your technical expertise and analytical skills to a variety of technology domains. You need to be adaptable and proactive in identifying and addressing risks and opportunities in the technology environment.

• Planning and executing technical audits across various technology domains, such as cloud computing, software development/engineering practices (DevSecOps, CI/CD pipelines and tooling), AI/ML platforms, and application development environments.
• Evaluating the risks, design and effectiveness of IT controls, processes, and governance frameworks within the cloud and software engineering domains.
• Providing assurance and recommendations to improve the security, reliability, and performance of the IT systems and services.
• Communicating audit findings and recommendations to senior management and stakeholders, both verbally and in writing.
• Following up on the implementation of agreed action plans and monitoring the resolution of audit issues.
• Staying abreast of emerging technologies, trends, and risks, and developing audit methodologies and tools to address them.
• Contributing to the continuous improvement and innovation of the audit function and the IT strategy.
• Collaborating with people across various parts of the Group; stakeholder management and communication skills are essential in this role.
• Operational responsibilities that are required for the smooth functioning of the Technology Audit team, as well as pro-actively contributing to long-term value creation for the Group.

We’re interested in hearing from people who have:

• Risk Mindset – Expected to proactively identify and understand, openly discuss, and act on current and future risks.
• Strong Information Technology Acumen: Demonstrated expertise in navigating large complex IT environments (preferably technology or financial services),
• Strong understanding of cloud architecture and controls (AWS, Azure, or GCP certifications advantageous)
• Hands-on experience assessing DevSecOps practices, CI/CD pipelines, and development toolchains advantageous (e.g., GitHub, Terraform, Kubernetes)
• Familiarity with other emerging technologies such as artificial intelligence, quantum computing, blockchain.
• Proficiency with common IT control and governance frameworks (such as COBIT, NIST CSF, ISO 27001, and CSA CCM).
• Demonstrated ability to assess cybersecurity and technology risks and articulate clear, actionable recommendations.
• Advanced Analytical Skills: Ability to analyse and interpret technical data and trends related to information technology, enabling informed decision-making and strategic planning within audit frameworks.
• Innovative Problem-Solving: Experience in identifying and addressing complex IT audit issues, proposing innovative solutions that enhance efficiency, security, and compliance.
• Collaborative Team Leadership: Proven capability in leading cross-functional audit teams, fostering collaboration, and leveraging diverse expertise to achieve audit objectives effectively.
• Continuous Learning and Adaptability: Commitment to staying updated on technological advancements, industry best practices, and evolving regulatory landscapes, adapting audit strategies accordingly.
• Technical Proficiency and Upskilling: Demonstrated ability to quickly upskill in emerging technologies such as cloud, engineering, AI, and cybersecurity, adapting to changing technological landscapes.
• Excellent commercial acumen
• Strong analytical and commercial skills, with demonstrated ability to draw insights from analysis.
• Attention to detail and quality.
• Demonstrated ability to manage multiple deliverables simultaneously.
• Excellent verbal, written communication skills and critical thinking skills
• Tableau and Alteryx skills preferable

Working at CommBank 
We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in.