Do you want to be part of using the business of banking as a force for good? Do you want to create positive impact for people and the planet? Bank Australia is the bank for people who want to be part of a movement creating a fairer and more just world.
We’re growing fast as more people choose to align their banking with their values. We’re a customer owned, B Corp certified bank. We empower our staff and 185,000+ customers to be part of the clean money movement.
We currently have an exciting permanent, full-time opportunity for a Senior GRC Analyst to join our highly engaged and professional Information Security department. The Senior GRC Analyst will report to the Manager Information Security.
The Senior GRC Analyst will support Bank Australia’s cyber security assurance and risk management processes across the organisation. As a key member of security, the Senior GRC Analyst will have the opportunity to contribute towards the establishment and maintenance of a well-structured and mature security environment.
Why join us
- We have big plans to become Australia’s most trusted bank and a leading purpose-driven business.
- As a certified B Corp, we’re part of a global business community who meet the highest social and environmental standards, putting purpose over profit.
- Every role and person in our bank is essential to bringing our values, purpose and aspiration to life.
- We offer flexible working options, competitive salary and 12% super.
- Our staff have access to a range of meaningful benefits to support their physical and mental wellbeing including 24/7 free counselling, free flu vaccinations and discounted gym memberships.
- We also support staff with study assistance, paid parental leave (regardless of gender), volunteer, bereavement, gender affirmation and family violence leave; and the opportunity for bonus annual leave.
- We support our staff to grow their careers through learning and development and an organisational culture where we reward and recognise innovation and values, not long hours.
- We are committed to building an inclusive culture and a diverse workforce that reflects the Australian community.
- We are the first bank in the world to care for a conservation reserve – where we work with key partner organisations to protect threatened species and involve staff in conservation.
What you will be doing
- Provide senior leadership support and guidance to other Governance, Risk and Compliance (GRC) Analysts
- Maintain the Bank Australia Information Security Framework in alignment with legal and regulatory requirements
- Ensure and contribute to regulatory compliance including APRA CPS234
- Develop, maintain and review security governance documentation including policies, procedures and guidelines for cyber security
- Provide guidance to ensure compliance with information security policies and standards
- Maintain the Information Security Risk Register
- Liaise with information system owners to support them in maintaining risk and compliance protocols and progress risk treatment plans
- Contribute to technology strategies and product selections
- Ensure security controls are implemented and tested in alignment with Bank Australia’s information security policies and standards
- Play a lead role in governance, risk and compliance information security reporting
- Manage third party risk including the third party register, third party assessments and third party reporting
- Identify and appropriately manage security risks and drive opportunities to improve security within the Bank Australia environment
- Build strong relationships with internal and external stakeholders to maintain and improve service to business users and enhance knowledge and information sharing.
What you will bring
- One or more related certifications such as CISSP, CEH, CISA, CISM etc.
- Degree in Computer Science or related field
- Solid knowledge of information security principles and practices
- Solid experience in a combination of information security risk management, compliance, governance and IT Audit
- Demonstrated experience in performing information security audits and control assurance activities across security controls
- Demonstrated experience in performing third party security assessment and an understanding of vendor security risk management and assessment practices
- Understanding of security risk and information security vulnerabilities
- Exposure to and understanding of cyber security standards: NIST Cyber Security Framework, ISO27001, PCI DSS
- Sound knowledge of contemporary information security management trends, tools, practices and concepts
- Familiarity with the banking industry
- Understanding of APRA Prudential Standards relating to cyber security
- Strong knowledge of Cyber Security Infrastructure technologies, best practices and broad knowledge of network security concepts
- An understanding of and experience with third party risk management
- An understanding of security technologies that are commonly used to detect, contain or prevent security incidents such as IDS/IPS, Endpoint Security, Firewalls, Content Inspection and SIEM
- Experience in the development, operationalisation and maintenance of security policies, procedures and standards
- Commitment to Bank Australia’s purpose, aspiration, values and brand as well as the B Corp ethos.
By submitting an application you agree to Bank Australia’s Privacy Policy for applicants and confirm that you are legally able to work in Australia. Bank Australia is an equal opportunity employer committed to sustainable development. We encourage people from different backgrounds to apply, including Aboriginal and Torres Strait Islander people, people from different cultural backgrounds and people with disabilities because we want to reflect the diversity of our communities. We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive workplace.
Bank Australia reserves the right to withdraw this advertisement at any time. Candidates will be progressed as applications are received, rather than after the advertisement closure date. If you wish to be considered, please submit your application as soon as possible. Please note, the successful candidate will be subject to satisfactory background checks including but not limited to police and previous employment.