About Us

At ANZ, we're shaping a world where people and communities thrive, driven by a common goal: to improve the financial wellbeing and sustainability of our millions of customers.

About the Role

Help shape ANZ’s approach to security, cloud and architecture risk in a high-impact Line 2 role.

As part of the Operational Risk and Group Services function, this role provides independent Line 2 oversight of technology risk across security, cloud and architecture domains. This is an outstanding opportunity for a seasoned cyber risk professional to bring deep expertise in technology and cyber risk management, exercise sharp judgement, and deliver high-quality review and challenge on the issues that matter most. You will form credible, valued risk opinions and provide clear insight on control coverage and effectiveness, remediation value, risk-in-change, and cyber security and resilience outcomes. Working closely with senior Group Technology, Cyber Security and Group Risk stakeholders, you will provide pragmatic advice and guidance on material technology and cyber risks and controls, supporting robust governance, assurance, audit and regulatory engagement through clear, evidence-based positions on key risk matters such as identity and access, vulnerability management, cloud security, third-party risk, and cyber incident preparedness, while helping ensure risk-based decisions support resilient operations and regulatory expectations.

Banking is changing and we’re changing with it, giving our people great opportunities to try new things, learn and grow. Whatever your role at ANZ, you’ll be building your future, while helping to build ours.

Role Type: Permanent
Role Location: Melbourne
Work Hours: Full-Time
 

What will your day look like?

As a Risk Manager, Security, Cloud and Architecture Risk (Line 2), you will operate at the centre of ANZ’s technology and cyber risk landscape, bringing experienced judgement, strong stakeholder credibility and a clear, independent voice on the issues that matter:

• Deliver high-quality independent Line 2 oversight, review and challenge across technology and cyber risk domains, forming credible risk opinions on control design and effectiveness, remediation progress, residual risk and risk acceptance.
• Build trusted, high-value relationships with senior Cyber Security, Technology and Risk stakeholders, providing pragmatic advice, constructive challenge and deep expertise in technology and cyber risk management.
• Promote and support disciplined application of the ANZ NFR Framework across Group Technology, strengthening risk ownership, control effectiveness and resilience while helping embed a culture where risk is everyone’s responsibility.
• Provide clear risk insight on major technology change initiatives, ensuring material risks, control gaps and resilience impacts are well understood, clearly articulated and escalated where required.
• Identify, assess and monitor current and emerging technology and cyber risks, including cyber threats, technology change and third-party exposures, ensuring material matters are escalated through the right governance with clarity and impact.
• Act as a trusted subject matter expert in technology and cyber risk frameworks and prudential standards, including ISO/IEC 27001, NIST CSF, CPS 234, SOCI and Essential Eight, guiding their practical application to deliver stronger risk outcomes.
• Lead independent reviews and thematic assessments across areas such as identity and access management, vulnerability management, cloud security, security monitoring and incident readiness, shaping uplift priorities and influencing meaningful remediation outcomes.
• Develop deep risk insight through analysis of risk metrics and indicators, identifying trends, systemic weaknesses and persistent issues to strengthen risk opinions, prioritisation and recommendations.

What will you bring?

To succeed in this role, you will bring seasoned cyber risk judgement, strong technical credibility and the confidence to provide clear, independent challenge in complex, high-stakes environments:

• Significant experience in information security, cyber risk, compliance and/or assurance within a complex, enterprise technology environment.
• A strong understanding of information security risk and control frameworks, and the judgement to apply them pragmatically to deliver sound risk outcomes, including ISO 27001, NIST CSF, APRA CPS 234, SOCI and Essential Eight.
• Demonstrated operational proficiency in the MITRE ATT&CK framework, complemented by a comprehensive understanding of the cyber kill chain, threat mapping, and threat modelling, would be desirable.
• Extensive experience in control assessment, security assurance and independent oversight of remediation activity, risk acceptances and control uplift.
• A highly analytical mindset, with the ability to draw meaningful insight from security risk data such as incidents, vulnerabilities, KRIs and audit findings to shape risk opinions and prioritisation.
• Excellent interpersonal, verbal and written communication skills, with the ability to translate complex technical and risk issues into clear, decision-ready messages.
• Strong business and commercial acumen, with sound judgement in forming balanced, evidence-based risk opinions and recommendations.
• Excellent relationship management skills, with a track record of building trust, working effectively across functions and influencing senior stakeholders in complex environments.
• Strong negotiation, influencing and conflict management skills, with the maturity to challenge constructively and hold a clear position when required.
• The confidence to own your view, provide independent challenge professionally and maintain credibility in demanding stakeholder environments.
• Tertiary qualifications, ideally complemented by professional and/or postgraduate study, with strong technically relevant skills and a sound understanding of technology risk.
• Desirable certifications include CISSP, CISM, CRISC, CCSP, ISO/IEC 27001 Lead Implementer or Lead Auditor, and relevant cloud security credentials such as AWS or Azure Security.
• Proven experience, typically gained over 15+ years in information security, technology risk, compliance or related disciplines, with demonstrated capability to influence senior stakeholders and shape stronger risk outcomes.

You’re not expected to have 100% of these skills. At ANZ a growth mindset is at the heart of our culture, so if you have most of these things in your toolbox, we’d love to hear from you.

So why join us?

From the moment you join ANZ, you'll be doing meaningful work that will shape a world where people and communities thrive.

But it's not just our customers who'll feel your impact. You'll feel it too. Because at ANZ, you'll have the resources, opportunities, and support you need to take the next big step in your career.

We're a diverse bunch at ANZ in different roles, different locations, doing different things. That's why we have a range of flexible working arrangements, so our people can 'make work, work for them'. We also provide a range of benefits including access to health and wellbeing services and discounts on selected products and services from ANZ and more.

At ANZ, you'll be part of an organisation where the different backgrounds, perspectives and life experiences of our people are celebrated. That's because we're committed to building a workplace that reflects the diversity of the communities we serve. We welcome applications from everyone and encourage you to talk to us about any adjustments you may require to our recruitment process or the role itself. If you're a candidate with a disability or access requirement, and have an enquiry about the support provided, please let us know on your application or visit ANZ Accessibility and Inclusion Programs for alternate contact methods.

To find out more about working at ANZ, visit https://www.anz.com.au/careers. You can apply for this role by visiting ANZ Careers and searching for reference number 116141 .
 

Job Posting End Date

05/06/2026 , 11.59pm, (Melbourne Australia)