Risk Manager - Security, Cloud and Architecture Risk

What will you bring?

 

 

To succeed in this role, you will bring seasoned cyber risk judgement, strong technical credibility and the confidence to provide clear, independent challenge in complex, high-stakes environments:

 

• Significant experience in information security, cyber risk, compliance and/or assurance within a complex, enterprise technology environment.
• A strong understanding of information security risk and control frameworks, and the judgement to apply them pragmatically to deliver sound risk outcomes, including ISO 27001, NIST CSF, APRA CPS 234, SOCI and Essential Eight.
• Demonstrated operational proficiency in the MITRE ATT&CK framework, complemented by a comprehensive understanding of the cyber kill chain, threat mapping, and threat modelling, would be desirable.
• Extensive experience in control assessment, security assurance and independent oversight of remediation activity, risk acceptances and control uplift.
• A highly analytical mindset, with the ability to draw meaningful insight from security risk data such as incidents, vulnerabilities, KRIs and audit findings to shape risk opinions and prioritisation.
• Excellent interpersonal, verbal and written communication skills, with the ability to translate complex technical and risk issues into clear, decision-ready messages.
• Strong business and commercial acumen, with sound judgement in forming balanced, evidence-based risk opinions and recommendations.
• Excellent relationship management skills, with a track record of building trust, working effectively across functions and influencing senior stakeholders in complex environments.
• Strong negotiation, influencing and conflict management skills, with the maturity to challenge constructively and hold a clear position when required.
• The confidence to own your view, provide independent challenge professionally and maintain credibility in demanding stakeholder environments.
• Tertiary qualifications, ideally complemented by professional and/or postgraduate study, with strong technically relevant skills and a sound understanding of technology risk.
• Desirable certifications include CISSP, CISM, CRISC, CCSP, ISO/IEC 27001 Lead Implementer or Lead Auditor, and relevant cloud security credentials such as AWS or Azure Security.
• Proven experience, typically gained over 15+ years in information security, technology risk, compliance or related disciplines, with demonstrated capability to influence senior stakeholders and shape stronger risk outcomes.

 

You’re not expected to have 100% of these skills. At ANZ a growth mindset is at the heart of our culture, so if you have most of these things in your toolbox, we’d love to hear from you.