Risk and Controls Manager Line 1

Organization: At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Job Title: Risk and Controls Manager Line 1
Location: Manyata Tech Park, Bangalore
 

Business & Team:

The Technology Chief Controls Office (CCO) team is a Line 1 risk team responsible for supporting CBA in continuing to mature its risk culture and establish and maintain strong risk practices. Technology CCO is responsible for providing end to end risk advice and guidance. We support our delivery teams across CommBank in their development and operation of solutions ranging across innovative product platforms for our customers to essential tools within our business.

Impact & Contribution:

The Manager, Risk and Control Enablement Privacy Risk and Compliance is part of the Technology CCO team for ensuring:

Privacy risks for any new and changing processes are assessed, awareness is raised, risk mitigations are in place, embedded and sustainable. They achieve this by assessing the effective design and implementation of controls to enable compliance and supporting the business through new and changing processes

Provide support to Technology businesses to implement regulatory changes and compliance policy changes that affect Technology.

This role will work closely with stakeholders in the Group Privacy Office, Cyber, Line 2 and delivery owners across Technology. They’ll also work in partnership with the business to strengthen and drive effective privacy, compliance risk management and Group regulatory changes to uplift controls, risk culture, and ensure we meet all regulatory requirements and practices are sustainable and embedded into BAU.

This role is required to act with independence, work with ambiguity and must have the ability to influence stakeholders by actively building and maintaining valuable relationships with:

·        Privacy, Cyber and Technology SMEs

·        Technology Application Owners

·        Chief Data and Analytics Office

·        Relevant Technology, Privacy and Cyber related programs

·        Line 2 Operational Risk and Compliance

·        Technology CCO peers

·        Group Privacy Office

·        Peer BU/SU CCO teams

Roles & Responsibilities:

• Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions and decisions we expect from our people.

• Deliver and support Technology BU / SUs on Privacy Impact Assessments (PIAs), Privacy Risk matters and Regulatory Changes to enable better risk and compliance outcomes

• Share learnings and coach team members to conduct best practice privacy assessments, review obligation applicability assessment, control assessments, technology risk assessments, root cause analysis of issues and incidents, identifying and implementing control improvements

• Deliver and advise on effective design and implementation of controls for all new and changes to processes and operations for Privacy and Compliance

• Partner with the business to deliver pragmatic insights that enable risk based and informed decision-making and provide assurance over controls

• Advise and articulate business impacts to stakeholders on privacy and compliance policy changes and regulatory changes

• Drive continuous improvements and champion a learning mindset to enable a future-fit workforce

• Build a proactive and high performing culture and capabilities for compliance, privacy, risk and controls

Essential Skills:

• Experience of risk and/or control advisory in banking/financial services/professional services other relevant sector, and/or minimum 8+ years’ experience in Privacy, Technology, Cyber or Operational Risk practitioner roles

• Familiarity with Privacy regulations is favourable (Australian Privacy principle - APP, GDPR)

• Strong knowledge of Privacy and Compliance Risk Frameworks

• Understanding of impacts on CBA of APRA standards (not limited to CPS220, 231, 232, 234, 235) and Privacy regulations

• Experience with project change risk (Risk in Change) and change management

• Excellent stakeholder management, communication skills, critical thinking, problem-solving skills and ability to provide constructive challenge

• Ability to adapt working in complex environments with ambiguity to deliver consistent high quality business outcomes

Education Qualification:

• Bachelor’s degree/master’s degree in engineering in Computer Science/Information Technology

• Professional certificates like CISA, CRISC, CGEIT, CISM, ITIL, COBIT or other IT Risk related certifications (e.g. Basel II, GS007, AS3402, ISO2700x) will be preferred

• Additional technology related certs will be favorable