Risk and Controls Senior Manager Line 1

Organization: At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Job Title: Risk and Controls Senior Manager Line 1
Location: Bengaluru - Manyata Tech Park

Business & Team: The Technology Chief Controls Office (CCO) team is a Line 1 risk team responsible for supporting CBA in continuing to mature its risk culture and establish and maintain strong risk practices. Technology CCO is responsible for providing end to end risk advice and guidance. We support our delivery teams across CommBank in their development and operation of solutions ranging across innovative product platforms for our customers to essential tools within our business.

Impact and Contribution: The Senior Manager, Risk and Control Enablement is part of the Technology CCO team that supports the Corporate Technology providing specialist risk advice. TCCO Corporate Technology operates as a centralized risk and controls function within the broader technology organization. Its primary mission is to enhance the organization’s ability to deliver change safely, including building resilient Operational risk and compliance capabilities, reduce technology-related risk debt, and embed a proactive, risk-aware culture across all technology crews. It provides consulting, technology, project delivery, portfolio management, system planning and operational oversight across Finance & Treasury, Risk, Human Resources, Legal & Group Secretariat, Operations Technology, Content Services, Financial Crimes, Platform & Engineering and Divestment Transition Management.

Roles & Responsibilities:

• Adhere to the Code of Conduct. The Code of Conduct sets the standards of behavior, actions and decisions we expect from our people.
• Oversee and support the business on the design and implementation of controls to enable better risk and compliance outcomes, providing guidance and advice to senior leaders on their application.
• Lead and coach extended team members to conduct technology risk assessments, advise on delivery risk and delivered risk including impact assessments, advise on the effective design of technology control specifications, and validate the effective design of the technology controls implemented
• Perform Change Management Risk assessments for Technology initiatives which are across the Technology portfolios.
• Lead and build a proactive risk and control culture.
• Partner with the business to deliver pragmatic insights that enable risk based and informed decision making and provide assurance over controls.
• Delivery of risk and control enablement initiatives to achieve better risk outcomes.
• Role would be individual contributor role to deliver risk activities under Corporate Technology Risk COE.
• Provide local line management to India resources of different portfolios.
• Coaches and nurture the broader TCCO India team members to grow them technically.
• Sufficient experience or specialized knowledge to allow application/modification of existing methods and systems on own initiative in line with business context.

Essential Skills:

• Minimum 15 years’ experience in risk and/or control advisory in banking/financial services/professional services or other relevant sectors and experience in Cloud, Technology, Cyber practitioner roles.
• Strong soft skills, including a growth mindset, stakeholder management, critical thinking, ability to provide constructive feedback and to synthesize information in an environment of white noise and heavy information flow.
• Experience in Change Risk, Cloud, Technology and Cyber is preferred.
• Experience in Financial crime risk management is preferred.
• Experience with project change and implementation risk advisory.
• Familiarity with APRA standards (not limited to CPS220, 230, 231, 232) or Cloud risk frameworks is favorable.

Education Qualification:

• Bachelor’s degree/Master’s degree in Engineering in Computer Science/Information Technology
• Certification such as CISM, CISA, CRISC, CGEIT, CDPSE, COBIT, ITIL, CISSP or other IT risk related certifications (e.g., ISO200x, PCI/DSS) holder is favorable