Commonwealth Bank
Senior Manager Risk and Controls – Technology, Cyber & AI
Sydney CBD Area · Posted 30 June 2026
Marketing & Corporate Affairs | Line 1 Risk
Do work that matters
At Commonwealth Bank, risk management is fundamental to how we protect our customers, our brand and our future.
The Marketing and Corporate Affairs (MCA) Chief Controls Office (CCO) is a Line 1 risk function providing integrated, pragmatic risk services that enable MCA to deliver strong customer and business outcomes safely.
MCA supports the Group to deliver marketing, brand, customer and stakeholder insights, reputation and trust stewardship, government relations, communications and environmental & social priorities. The decisions made here shape trust in CommBank every day.
Impact & contribution
As Senior Manager, Risk and Controls (Technology, Cyber & AI), you will play a critical role in shaping how MCA identifies, manages and enables technology-led innovation safely.
Your focus will be on strengthening the management of technology, cybersecurity and AI-related risks in order to facilitate the fast and safe deployment of MCA’s SaaS-heavy technology roadmap. You will drive risk practices that keep pace with rapid digital, data and AI adoption across MCA.
You will work closely with senior leaders to effectively navigate technology, operational risk and compliance risk frameworks. You will drive a positive, engaged and empowered risk culture that embeds risk thinking into decision-making.
You will help shape how AI risk is identified, governed and embedded as MCA adopts emerging AI-enabled capabilities, balancing innovation with responsible and compliant use.
This role combines strategic influence, technology expertise, a risk mindset and hands-on execution, with a strong expectation of owning and delivering core Line 1 risk activities end-to-end.
This role reports into senior leadership within the MCA Chief Controls Office and partners closely with Executive stakeholders across Marketing, Corporate Affairs and Environment & Social.
Key responsibilities
You will partner with the business to deliver a comprehensive and integrated Line 1 risk service, including:
Defining and actively managing MCA’s technology, cyber and AI risk profile, including identification, assessment and remediation of operational and compliance risks.
Leading end-to-end delivery of core Line 1 risk framework activities, including RCSAs, CSAs and CMRS, from scoping and facilitation through to documentation, review and uplift.
Owning risk artefacts (not just reviewing/advising), ensuring they are high quality, actionable and aligned to ORMF expectations.
Providing trusted, pragmatic risk advice to senior MCA stakeholders, balancing innovation, speed and control.
Acting as a key risk partner in technology change, digital initiatives, SaaS implementations and AI-enabled use cases, ensuring risks are understood and managed early.
Identifying risk and control gaps and driving these through to resolution, including escalation through governance forums where required.
Supporting robust governance outcomes, including preparation for and contribution to MCA Non-Financial Risk Committee forums.
Strengthening risk practices across MCA, including improving consistency, clarity and execution of risk framework activities.
Developing risk capability across the business, lifting risk maturity and embedding a proactive risk culture.
What we’re looking for
We’re interested in hearing from people who bring:
Technology, cyber, AI & SaaS risk experience
Experience managing technology, cyber and/or AI risks in complex environments
Exposure to SaaS platforms and third-party risk considerations, including assessing and challenging risk positions
Ability to support modern technology delivery (including fast-paced and AI-enabled environments) with practical, risk-based solutions
Strong Line 1 execution capability
Experience across risk lifecycle activities (e.g. RCSA, incidents, issues, governance and reporting)
Sound to strong understanding of Operational Risk Management Frameworks and non-financial risk practices
Confidence contributing to governance forums and driving risk outcomes through formal channels
Problem solving & delivery mindset
Proven ability to identify risk and control gaps and see them through to resolution
Structured approach to prioritisation, balancing materiality, stakeholder impact and delivery timelines
Comfortable operating in a fast-paced, evolving environment with competing priorities
Stakeholder engagement & influence
Strong stakeholder management skills, with the ability to partner closely with business and technology teams
Ability to influence senior stakeholders and provide balanced, commercially aware risk advice
Communication & impact
Clear, structured and concise communication style
Ability to respond directly to questions and articulate risk positions with clarity and impact
Strong ability to tailor messaging for both technical and non-technical audiences
Motivation & alignment to MCA
A genuine interest in working within Marketing & Corporate Affairs and understanding how risk supports brand, reputation and customer outcomes
Desire to operate as a hands-on Line 1 practitioner, embedded in the business and close to delivery
Why this role is distinct
This role reflects a broader shift in how Risk operates - toward a more connected, insight-driven and commercially aware practitioner model.
You will have the opportunity to influence not only risk outcomes, but also how risk is embedded within a highly visible and dynamic business unit.
You will work at the intersection of technology, cyber, AI and brand risk, helping shape safe innovation in a part of the bank that directly impacts customer trust and reputation.
You will join a team that values thoughtful challenge, accountability and practical delivery - where strong judgement, clear communication and hands-on execution are critical to success.
We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.