Manager - Supplier Risk and Controls
Commonwealth Bank of Australia
All India • 1 month ago
Experience: 10 to 14 Yrs
Job Description
As a Manager - Supplier Risk & Controls at CommBank, you will play a crucial role in supporting the supplier risk agenda, executing risk assessments, and providing quality risk advice to the business. Your contribution will enable the Group to make risk-based decisions efficiently to enhance the overall supplier risk exposure.
**Roles & Responsibilities:**
- Adhere to the Group's Supplier Lifecycle policy and procedures.
- Conduct quality reviews of inherent risk assessments done by the Business for supplier arrangements/services.
- Act as a trusted advisor to the business, reviewing and advising on the outcome of multiple control programs such as Data, Privacy, Cyber, Technology, etc.
- Provide risk advice regarding supplier sourcing, contracts, controls, and performance.
- Participate in supplier governance meetings and Supplier Risk & Controls (SRC) team meetings, effectively challenging the status quo.
- Maintain accurate supplier risk profiles, ensure compliance with regulatory obligations, and support SRC leadership in managing a portfolio.
- Collaborate with internal and external stakeholders for timely and effective execution of the Control Assessment Program (CAP), including testing of supplier environments.
- Review and leverage third-party reliance reports like SOC2 Type 2, PCI DSS, SSAE, and translate results into outcomes.
- Perform walkthroughs for the test of design and evaluate the test of operating effectiveness through sampling methodology.
- Document information accurately, translate outcomes into test results and observations, and convey results to suppliers and business partners.
- Ensure compliance with the Group's Supplier Lifecycle, CAP Standards, Risk policy, and procedures.
- Demonstrate a strong understanding of the COSO framework, SOC reports, ISMS reports, and their relevance to various controls.
- Proactively put forward innovative ideas for risk and process improvement opportunities.
**Essential Skills:**
- Minimum 10 years' work experience in the Financial Services industry in IT Audit, Compliance, or consulting environments.
- Experience in Supplier, Operational Risk or Technology risk management and Control Assurance testing preferred.
- Strong understanding of information security management, privacy, IT service continuity, disaster recovery, business continuity management, and third-party control assurance.
- Ability to build effective working relationships with stakeholders.
- Analytical skills to investigate, analyze, review, and document processes for better business outcomes.
- Excellent communication skills and confidence in dealing with senior stakeholders.
- Strong time management, planning, and organizational skills.
- Knowledge of current regulatory requirements and familiarity with APRA standards.
- Certifications like CISA, CRISC, CGEIT, CISM, COBIT, or ISO27001 would be preferable.
**Educational Qualifications:**
- BSc - Computer Science or any IT related domain, BCA/MCA, MBA - IT Information Security/Cyber Security, BE - IT/Computers
If you're already part of the Commonwealth Bank Group, you'll need to apply through Sidekick. For additional support, reach out to HR Direct.
Please note that there are some accessibility issues on the site. If you require additional support, please contact HR Direct.
Skills Required
IT Audit
Compliance
Supplier Risk Management
Operational Risk Management
Information Security Management
Business Continuity Management
Stakeholder Management
Process Improvement
Regulatory Compliance
CISA
CGEIT
CISM
COBIT
Technology Risk Management
Control Assurance Testing
Privacy Management
IT Service Continuity
IT Disaster Recovery
Third-Party Control Assurance
APRA Standards
CRISC
ISO27001
Posted on: March 12, 2026