Cyber Risk & Compliance Manager Department:
Legal & Compliance Employment Type:
Permanent - Full Time Location:
Sydney Description This role will support the Technology team, collaborating closely with the organisation to implement effective governance, risk management, and compliance strategies for managing the organisations technology, data and cyber risks. The ideal candidate will have a strong understanding of cybersecurity frameworks, regulatory requirements, and technology risk management methodologies. This role will also liaise with other stakeholders such as Line 2 risk, Risk and Compliance, auditors and regulators as needed. Role Responsibilities
Lead on reviewing and developing technology, data and information security risk related policies, standards, and procedures in accordance with business priorities, business initiatives and regulatory requirements such as CPS234 and CPS230. Develop and implement risk management strategies and controls to mitigate identified risks, including third party provider risks, to ensure information security risk within the Betashares supply chain is appropriately managed.
Uplift controls testing framework, conducting planning and controls assessments / testing and assurance. Builds and owns the IT Risk framework / register. Conduct regular risk assessments and audits, including third party supplier assessments where necessary. Populate Technology and Cyber Controls Library / matrix and ensure alignment with Betashares risk matrix. Collaborate with Technology teams to ensure that risk management practices are integrated into day-to-day operations and to ensure they are within risk appetite. Identifies compliance obligations that impact technology and ensures they are managed in projects & BAU. Develop and maintain incident response plans and procedures, ensuring alignment with and advising on, business continuity management across the organisation. Support the technology department in managing and responding to security incidents. Provides assurance over design and operating effectiveness of key controls. Provides oversight and advice to stakeholders on technical and risk matters. Works with projects to ensure that delivery and delivered risks are captured and managed appropriately. Maintains and facilitates the remediation of external and internal audit findings. Ensures that appropriate risk education and training is designed and implemented for IT.
Promotes a culture of risk management awareness and appreciation. Implements strategies to improve IT risk management and practices. Ensure adherence to relevant regulations, standards, and best practices, including ISO27001 and APRA prudential standards and guidelines, reporting compliance status to management. Engagement and responsibility for enhancing the operational risk for IT under CPS230. Professional certification in cyber security, risk management, or auditing (e.g. CISSP, CISM, CRISC, CISA, etc.) Sound understanding of information security risk standards and frameworks such as ISO27001 and NIST. At least 5 years of experience in cyber risk and compliance, preferably in the financial services industry. Familiarity with CPS234 and other relevant regulatory requirements and standards. Experience in developing and maintaining technology, data and information security risk and controls frameworks and documentation. Ability to perform independent and objective assessments of technology and cyber controls. Strong analytical, problem-solving, and communication skills. Ability to work effectively in a team and with multiple stakeholders.
Skills & Experience Professional certification in cyber security, risk management, or auditing (e.g. CISSP, CISM, CRISC, CISA, etc.) Sound understanding of information security risk standards and frameworks such as ISO27001 and NIST. At least 5 years of experience in cyber risk and compliance, preferably in the financial services industry. Familiarity with CPS234 and other relevant regulatory requirements and standards. Experience in developing and maintaining technology, data and information security risk and controls frameworks and documentation. Ability to perform independent and objective assessments of technology and cyber controls. Strong analytical, problem-solving, and communication skills. Ability to work effectively in a team and with multiple stakeholders.
Reasons To Join Us What We Offer Betashares believes our most important asset is our people and we are proud of the culture we have built – but we are always striving to be better. We want every Betashares employee to be doing their best work and developing their careers. In addition to a competitive salary, we also offer:
Continuous career development and training opportunities Access to a health and wellbeing platform with physical, mental, social and financial support programs available. Volunteering days off, so you can contribute to a cause that matters to you. Conveniently located CBD offices with fully stocked kitchens, team breakfasts and catered lunches on a regular basis. Fun and inclusive social events.
Our Values
As our business continues to grow, we're committed to creating a workplace that gives us all the best opportunity to succeed, and that is enjoyable to be a part of. We prize ambition and drive, but equally we value honesty and humility. We support each other, and we respect our clients and our competitors. Innovation is in our DNA, and we are always looking for better ways to do things and are willing to take measured risks and learn from our mistakes along the way. #J-18808-Ljbffr
