Information Security Risk Management Lead
* Full-time
Our client’s success is our success. And you make it happen!
Payment systems are complex, regulated and ever-changing. We are an established market-leading brand focused on driving client growth. We’re at the forefront of innovation, enabling the future for our clients through innovative technology like the New Payments Platform (NPP) and open banking.
We are an unlisted public company and one of five licensed banks in Australia with full direct connectivity and production capability across all domestic payment systems. Our B2B model focuses on enabling other banks, fintechs, and corporates to deliver innovative and competitive payment and digital solutions to their clients and customers.
We are looking for an Information Security Risk Management Lead in our Group Risk and Compliance Team.
Reporting to the Head of Operational Risk and Compliance, the Information Security Risk Management Lead is responsible for technology risk advisory, review/challenge, oversight, and monitoring over information security and data risk frameworks.
This highly visible role ensures technology risks are effectively identified, assessed, managed, and monitored across Cuscal. Responsibilities of the Information Security Risk Management Lead fall into four key areas:
1) Technology Risk Management Framework Advisory, Oversight and Monitoring
* Ensure information security risks and data risks are adequately managed through Cuscal’s frameworks in line with regulatory requirements (e.g. CPS 234, 230, CPG 235), industry best practices, and operating environment.
* Ensure line 2 risk management capability is built and sustained to provide review, challenge, oversight and assurance, reinforcing and maturing line 1 accountability with the business owners.
* Work collaboratively with Product domains, Engineering, and corporate functions to embed technology risk management practices into everyday activities.
* Foster a risk culture that promotes open communication, transparency, and ownership of risk at all levels of the organisation.
* Risk Reporting & Analytics: Provide insights derived from technology and data risk reporting to the Board and Executive Leadership Team.
2) 2nd Line Review, Challenge and Oversight
* Review and challenge risk/RiC assessments, adequacy and effectiveness of risk mitigation strategies, controls, and action plans implemented by 1st line teams.
* Critically assess incidents, breaches, and near misses to identify systemic issues and recommend appropriate remediation actions.
* Ensure the continuous improvement of risk management practices by engaging with business units to provide constructive feedback.
* Act as a trusted advisor to senior leadership and business units on operational risk matters.
* Drive education and training programs to elevate operational risk awareness and capabilities across the organisation.
* Collaborate with product, client, and technology teams to ensure operational risk considerations are integrated into new initiatives.
* Line 2 support for assessments of third-party technology risks and controls.
3) Emerging Risks and Innovation
* Stay informed about the latest developments in AI and other emerging technologies to proactively identify potential risks.
* Review/provide oversight over initiatives to automate technology risk & controls monitoring processes.
* Promote a culture of innovation in risk management practices.
4) Stakeholder Engagement
* Work closely with internal and external stakeholders to ensure a cohesive approach to technology risk management.
* Develop and deliver training programs to enhance technology risk awareness and competency across Cuscal.
* Promote and drive a positive risk culture to lift overall risk management maturity across Cuscal.
About You
To be successful in this position you will have the following skills and experience:
* Bachelor’s degree in Information Technology, Information Systems, Risk Management, Cybersecurity, Computer Engineering, or a related field. Relevant certifications (e.g., CRISC, CISA, CISSP) are desirable.
* Minimum of 4-6 years of experience in technology risk management within the financial services industry.
* Strong knowledge of risk management and IT frameworks and standards such as ITIL, ISO 27001, NIST, COBIT, and relevant APRA guidelines.
* Demonstrated experience in managing risks associated with AI, machine learning, and other emerging technologies.
* Prior experience leading risk maturity uplift at another organisation.
* Strong project management skills, including planning, execution, and stakeholder management.
What’s it like to work here?
We back our employees by helping them work towards industry-recognised qualifications, using online learning, training modules and career planning tools for you to grow with us. We are committed to providing a diverse and inclusive workplace where the best talent in Australia chooses to work. We support our colleagues with flexible work arrangements through our hybrid model whilst also offering a wide range of financial, lifestyle, health & wellbeing benefits.
Next Step
If you think this role is the right fit for you, we invite you to apply. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert.
Cuscal does not accept unsolicited resumes from recruitment agencies and search firms.