Do you want to be part of using the business of banking as a force for good? Do you want to create positive impact for people and the planet? Bank Australia is the bank for people who want to be part of a movement creating a fairer and more just world.

We’re growing fast as more people choose to align their banking with their values. We’re a customer owned, B Corp certified bank. We empower our staff and 185,000+ customers to be part of the clean money movement.

We currently have an exciting opportunity for an Information Security Governance, Risk and Compliance Analyst to support Bank Australia cyber security assurance and risk management processes across the organisation. As a key member of the security, you will have the opportunity to contribute towards the establishment and maintenance of a well-structured and mature security environment.

You will work with a range of stakeholders across the business providing information security compliance and risk management support and guidance. Additionally, you will manage cyber security policies and standards, ensure they are periodically updated and aligned them with the overall Bank Australia Information Security Policy framework.

Why join us

• We have big plans to become Australia’s most trusted bank and a leading purpose-driven business.
• As a certified B Corp, we’re part of a global business community who meet the highest social and environmental standards, putting purpose over profit.
• Every role and person in our bank is essential to bringing our values, purpose and aspiration to life.
• We offer flexible working options, competitive salary and 13% super.
• Our staff have access to a range of meaningful benefits to support their physical and mental wellbeing including 24/7 free counselling, free flu vaccinations and discounted gym memberships.
• We also support staff with study assistance, paid parental leave (regardless of gender), volunteer, bereavement, gender affirmation and family violence leave; and the opportunity for bonus annual leave.
• We support our staff to grow their careers through learning and development and an organisational culture where we reward and recognise innovation and values, not long hours.
• We are committed to building an inclusive culture and a diverse workforce that reflects the Australian community.
• We care for a conservation reserve – where we work with key partner organisations to protect threatened species and involve staff in conservation.

What you will be doing

• Assist with maintaining the Bank Australia Information Security Framework in alignment with legal and regulatory requirements.
• Contribute to regulatory compliance including APRA CPS234.
• Support the organisation in ensuring compliance with security policies and standards.
• Support in maintaining the Information Security Risk Register.
• Perform information security control tests for design and effectiveness and security controls are implemented and tested in alignment with Bank Australia’s information security policies and standards.
• Support tracking, remediation and closure of audit and assurance activities.
• Contribute to governance, risk and compliance information security reporting.
• Conduct third party risk assessment including maintaining the third-party register, third party assessments and third-party reporting.
• Identify and appropriately document security risks and issues.
• Build strong relationships with internal and external stakeholders support information security risk management process.
• Consult as the technical expert with stakeholders to deliver outcomes that satisfy Bank Australia’s business needs.

What you will bring

• Understands, communicates and personally lives the Bank Australia values and contributes in an active, positive and influential way to optimising the culture of the organisation.
• One or more related certifications such as CISSP, CEH, CISA, CISM.
• Solid knowledge of information security principles and practices.
• Extensive experience in a combination of information security risk management, compliance, governance and IT Audit.
• Experience in performing information security audits and control assurance activities across security controls.
• Understanding of security risk and information security vulnerabilities.
• Understanding of cyber security standards NIST Cyber Security Framework, ISO27001, PCI DSS would be an advantage.
• Knowledge of contemporary information security management trends, tools, practices and concepts.
• Understanding of APRA Prudential Standards relating to cyber security.
• Knowledge of Cyber Security Infrastructure technologies, best practices and broad knowledge of network security concepts.
• An understanding with third party risk management.
• An understanding of security technologies that are commonly used to detect, contain or prevent security incidents such as IDS/IPS, Endpoint Security, Firewalls, Content Inspection and SIEM.
• Strong communications skills – both verbal and written, being able to share knowledge and educate others.
• A self-starter mentality and assume responsibility and ownership for a range of activities and tasks and willing to learn
• Commitment to Bank Australia’s purpose, aspiration, values and brand as well as the B Corp ethos.

By submitting an application you agree to Bank Australia’s Privacy Policy for applicants and confirm that you are legally able to work in Australia. Bank Australia is an equal opportunity employer committed to sustainable development. We encourage people from different backgrounds to apply, including Aboriginal and Torres Strait Islander people, people from different cultural backgrounds and people with disabilities because we want to reflect the diversity of our communities. We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive workplace.

Bank Australia reserves the right to withdraw this advertisement at any time. Candidates will be progressed as applications are received, rather than after the advertisement closure date. If you wish to be considered, please submit your application as soon as possible. Please note, the successful candidate will be subject to satisfactory background checks including but not limited to police and previous employment.