Senior Audit Manager, Technology & Cyber Audit

At CommBank we are proud to support flexibility, let’s discuss what this means for you”

The Commonwealth Bank of Australia (Bank) is Australia's leading provider of integrated financial services. They are committed to continuously improving governance practices and ensuring that they are aligned with business, stakeholders, and customers’ needs. 

Group Audit and Assurance (GA&A) are the internal audit function for the Group. Their primary purpose is to provide independent and objective assurance of the effectiveness of the Groups risk management, controls, and governance processes. 

Evolving customer expectations, competitive threats and pace of change require GA&A to support the business with new insights and risk coverage that puts customers first and to continue to provide insightful assurance to the Board. As digital technology disrupts and transforms entire industries and ways of working, GA&A is committed to keeping pace and continually reimagining themselves with the latest global best technology and innovation.

Over the last three years GA&A has increasingly embedded digital assurance into audit activities, injecting Artificial Intelligence (AI) into routine control testing and using digital tools to improve the overall experience for employees. 

GA&A have increased their team’s capacity for high value judgement-based activities and expanded their support to include sharing knowledge and tools that create better risk coverage across the Bank for all Three Lines of Assurance. With global-best digital tools that harness the power of data, analytics and AI, GA&A are delivering smarter, faster, and safer outcomes to address current and emerging risks and provide better assurance outcomes for our customers and community. GA&A was recognised as an ABA100 winner for both Risk Management and Business Innovation in The Australian Business Awards 2023.

See yourself in our team

The Technology & Cyber team audits the bank's cyber controls, technology platforms, processes, and applications. With cyber-attacks constantly evolving, we seek a specialist to support us in auditing the banks cyber controls and how the bank secures its technology platforms and applications.

Do work that matters

This is an exciting opportunity for someone with a deep understanding of cybersecurity threats, controls, and frameworks, paired with a keen eye for process improvement and risk mitigation. As part of our dynamic internal audit function, you will contribute to the overall security posture of our institution while ensuring regulatory requirements are met and risks are effectively managed.

The Senior Audit Manager is a pivotal role within the Tech & Cyber audit team and your role is to lead and conduct comprehensive audits focused on cybersecurity across the Group.

We’re interested in hearing from people who will aspire to

• Lead and conduct technical audits over various cyber controls across various technology platforms, such as cloud, networking, and software development, etc.
• Conduct comprehensive audits focused on cybersecurity and information security, including vulnerability management, distributed denial of service, data security, and access control reviews.
• Evaluate and assess the effectiveness of cybersecurity controls, policies, and procedures to ensure the bank is protected from evolving threats and meets regulatory and industry standards.
• Provide assurance and recommendations to improve the security, reliability, and performance of the IT systems and services.
• Communicate audit findings and recommendations to senior management and stakeholders, both verbally and in writing.
• Follow up on the implementation of agreed action plans and monitoring the resolution of audit issues.
• Be abreast of emerging technologies, trends, and risks, and developing audit methodologies and tools to address them.
• Contribute to the continuous improvement and innovation of the audit function and the IT strategy.
• Collaborate with people across various parts of the Group; stakeholder management and communication skills are essential in this role.
• Provide strategic insights to senior management regarding emerging cybersecurity risks and trends and support the bank’s risk management initiatives through continuous monitoring and assessment.
• Operational responsibilities that are required for the smooth functioning of the Technology Audit team, as well as pro-actively contributing to long-term value creation for the Group.
• Lead and mentor junior auditors, promoting a culture of continuous learning and improvement within the team.

Other qualities you may possess include

• Strong Information Technology Acumen: Demonstrated expertise in navigating complex IT environments within financial services, including experience in cybersecurity and internal auditing and familiarity with technologies such as cloud, networking, Kubernetes.
• Strong knowledge of cybersecurity frameworks and standards such as NIST, ISO 27001, CIS Controls, and SOC 2, along with a deep understanding of common cybersecurity threats, vulnerabilities, and best practices.
• Advanced Analytical Skills: Ability to analyse and interpret technical data and trends related to information technology, enabling informed decision-making and strategic planning within audit frameworks.
• Innovative Problem-Solving: Experience in identifying and addressing complex IT audit issues, proposing innovative solutions that enhance efficiency, security, and compliance.
• Collaborative Team Leadership: Proven capability in leading cross-functional audit teams, fostering collaboration, and leveraging diverse expertise to achieve audit objectives effectively.
• Continuous Learning and Adaptability: Commitment to staying updated on technological advancements, industry best practices, and evolving regulatory landscapes, adapting audit strategies accordingly.
• Technical Proficiency and Upskilling: Demonstrated ability to quickly upskill in emerging or unfamiliar technologies.
• Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or equivalent is highly preferred.

Working with us means

Whether you’re passionate about customer service, driven by data, or called by creativity, a career here is for you. At CommBank, we advocate and facilitate a culture of inclusion and respect, celebrating all cultures, abilities, genders, expressions of gender and sexual orientation. Read more about our commitment to inclusion and diversity on our website. 

Our people bring their diverse backgrounds and unique perspectives to build a respectful, inclusive and flexible workplace. We are working hard to recruit people who represent the diversity of our customers and our society. If you're excited about this opportunity but you don't meet every single requirement, or your experience doesn't align perfectly, we still want to encourage you to send in your application. You may just be the perfect candidate for this opportunity or another within CommBank. 

At CommBank we will inspire you with work that makes a difference, surround you with talented people that respect and value each other, and empower you to grow professionally and personally. Most of all, making a positive impact for customers, communities and each other is part of our every day. 

We’re determined to make a real difference for Australia’s first peoples. We encourage all interested applicants to apply. If you’re already part of the Commonwealth Bank Group (including BankWest), you’ll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career. 

**Apply Now to live your best life, by doing your best work with us! **

Advertising End Date: 28/01/2025