This is a Senior Manager Cloud Risk role with Commonwealth Bank based in Sydney, NSW, AU Commonwealth Bank Role Seniority - senior More about the Senior Manager Cloud Risk role at Commonwealth Bank Senior Manager - Cloud Risk CBA’s Technology team are helping build tomorrow’s bank today for our customers. Cloud technologies are a strategic enabler and CBA’s Cloud Enablement and Engineering team are seeking a highly skilled Cloud Risk Specialist to join our multi-disciplinary team. As Senior manager - Cloud Risk, your primary focus will be to address the complexity of CPS230 and support our cloud risk strategy. CPS230 introduces significant ambiguity and heightened resilience requirements, particularly with AWS classified as a material supplier for bank. You need to translate resilience requirements required for Cloud platform, manage senior stakeholders, anticipate and mitigate emerging risks as workloads migrate to AWS Cloud. This uplift ensures compliance, business resilience, and safe adoption of cloud capabilities. Additionally, as a key member of our cloud risk and governance team, you will be responsible for ensuring technology controls are built in the Cloud platforms (AWS/Azure and GCP) and applied consistently in cloud tenant landing zones. You can expect the chance to learn new skills by collaborating with cross-functional teams in Cyber security, architecture, Line 1 and Line 2 risk teams as well as cloud product owners to develop and implement risk mitigation strategies in alignment with industry best practices and regulatory requirements for the bank. Key Responsibilities Embed Technology Controls in Cloud Platforms Ensure technology controls (e.g., IAM, logging, encryption, network security, monitoring) are implemented and consistently applied across all cloud landing zones. Identify any emerging risks associated with migration of critical workloads to Cloud. Drive embedding of controls across Cloud platforms (AWS, Azure, and GCP). Work closely with engineering teams to ensure control effectiveness, automation, and continuous improvement. Operational Resilience & CPS230 Compliance Interpret and operationalise CPS230 requirements as they relate to cloud platforms, particularly for AWS as a material supplier. Translate resilience and operational risk obligations into clear, actionable requirements for cloud engineering and product teams. Drive initiatives to uplift cloud resilience, ensuring adherence to regulatory expectations and industry best practices. Monitor the cloud risk landscape and ensure risk tolerances and controls remain effective as the environment evolves. Manage Stakeholders & Influence Senior Leaders Engage, influence, and provide guidance to senior technology, risk, and business stakeholders on cloud risk matters. Communicate complex regulatory and cloud risk concepts in a clear and actionable manner to senior leaders. Support decision-making relating to cloud controls, and resilience posture. Partner Across Risk, Cyber, Architecture & Cloud Teams Act as a central point of expertise, collaborating with Cyber Security, Architecture, Line 1 and Line 2 Risk, cloud product owners, and engineering teams. Drive cross-functional alignment to ensure risks are understood and addressed holistically. Facilitate knowledge sharing and uplift in cloud risk awareness across the organisation. Support the Enterprise Risk Community Provide guidance and support to risk managers across the bank on cloud risk topics. Help uplift cloud risk capability across the broader risk community, ensuring consistent practices and understanding. Contribute to building a strong cloud risk culture and supporting effective technology risk management across CBA. Present your work to peers in your immediate team and across CBA’s broader Risk, Cyber and Engineering community. Qualifications & Skills Experience working in large-scale, regulated financial institutions or other APRA-regulated environments. Cloud knowledge, experience working with AWS is preferable with Azure and other Cloud technologies considered- Advanced certifications (e.g., AWS Certified Security - Specialty) are a plus. Deep understanding of AWS services, architectures, and associated security risks. Familiarity with operational resilience and regulatory frameworks (e.g. CPS 230) and their implications on Cloud platforms. Knowledge of cloud automation, DevSecOps practices, or infrastructure-as-code (IaC) (e.g., Terraform, CloudFormation) as they relate to implementing and validating controls. Strong analytical, critical thinking and problem-solving skills, with the ability to communicate complex security concepts to technical and non-technical audiences. Excellent communication skills and proven quality stakeholder engagement skills A proven ability to plan and work on outcomes as well as make improvements to processes which lead and result in automation of risk and control assessment in cloud. If you are passionate about cloud security, possess a deep understanding of current and emerging cloud related risks, and thrive in a collaborative and innovative environment, we invite you to apply for this challenging and rewarding position. Please note: Our Talent Acquisition team will be taking a scheduled break over the festive period beginning 19 December. We will resume reviewing applications and responding to enquiries from January 2026. We appreciate your understanding and patience during this time and wish you a safe and enjoyable holiday season. If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career. We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 09/01/2026 Before we jump into the responsibilities of the role. No matter what you come in knowing, you’ll be learning new things all the time and the Commonwealth Bank team will be there to support your growth. Please consider applying even if you don't meet 100% of what’s outlined Key Responsibilities Embedding technology controls in cloud platforms Operational resilience & CPS230 compliance Managing stakeholders & influencing senior leaders Key Strengths ☁️ Cloud knowledge Operational resilience Analytical skills ⚙️ Cloud automation Stakeholder engagement Process improvement A Final Note: This is a role with Commonwealth Bank not with Hatch.