About the role: We’re looking for a Senior Manager to help strengthen how we manage cyber risk across our supplier and third-party landscape. Sitting within the GCS Risk and Governance team in Group Corporate Services, this role works closely with our central Group Cyber Security team to help deliver third-party cyber initiatives, uplift capability, and embed enterprise cyber expectations into practical supplier risk processes. This is not a hands-on technical cyber role. Instead, it’s ideal for someone who is well-versed in cyber security risk including the regulatory environment, understands how cyber controls operate in practice, and enjoys partnering with cyber specialists, risk teams, and the business to get outcomes delivered. What you’ll do: Partner closely with Group Cyber Security to co-deliver third-party cyber initiatives and uplift programs. Help translate enterprise cyber strategies, policies, and standards into practical third-party risk requirements and processes. Support cyber risk assessments for new and existing suppliers, working alongside Cyber experts where deeper technical insight is required. Contribute to improvements across third-party cyber due diligence, ongoing monitoring, issue remediation, and incident preparedness. Build capability within the Supplier Risk team through coaching, guidance, and shared learning. Collaborate with procurement, technology, Line 1 teams, and Operational Risk to support consistent, risk-informed decisions. Support executive and risk-forum reporting with clear, business-focused cyber risk insight. What we’re looking for: Strong experience in cyber security risk, third-party risk, supplier risk, or a related domain. Demonstrated experience working closely with cyber security teams or specialists in a collaborative, delivery-focused way. Ability to translate cyber concepts into clear, pragmatic risk outcomes for non-technical stakeholders. Familiarity with frameworks such as NIST CSF, ISO 27001, CPS 234, SOC reports, or similar. Strong stakeholder engagement skills and a collaborative mindset. Experience in financial services, critical infrastructure, or regulated environments is advantageous but not essential. Cyber or risk certifications (e.g. CISSP, CISM, CRISC, CCSP) are beneficial but not mandatory. Why this role matters: Cyber risk arising from third parties continues to grow in scale and complexity. This role plays a key part in connecting central Cyber expertise with supplier risk practices, helping ensure cyber risks are understood, prioritised, and managed effectively across the organisation. If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career. We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 06/02/2026