Senior Consultant Technology and Cyber Risk

Overview of the role:

The Senior Consultant Technology and Cyber Risk will be part of the Technology & Cyber Risk function within the Technology Business Unit and will lead the strategy and execution of Risk Management activities. This role is responsible for ensuring the Technology risk posture remains within TAL’s appetite by overseeing and executing Line 1 Risk management activities and consulting with a variety of stakeholders across Technology and the Business.

Key Accountabilities:

• Provide input into TAL’s Technology Risk Management strategy and yearly plan of activities.
• Risk Management advice and support across all of TAL’s Technology platforms.
• Deliver reporting to TAL’s Technology Leadership team, Risk Office and Board to represent Risk Indicators and significant events that may shift the risk profile. Coordinate activities to complete all reporting requirements by obtaining updates from General Management and the Risk function on risk posture and culture.
• Management of risk remediation activities and reporting of approaching and overdue actions.
• Oversight and management of Incident Management for events that have an external impact to TAL’s customers or partners and support for reportable situations.
• Risk in Change assessments for significant implementations, Cloud workloads, and AI use cases to ensure solutions remain within TAL’s risk appetite and controls.
• Coordination and support for TAL’s annual Risk and Controls Self-Assessment (RCSA) to agree on risk posture and control health in alignment with APRA’s CPS230 standard.
• Co-ordinate and update the Business Continuity Management for Technology to ensure recovery strategies and plans are risk based, appropriate and actionable.
• Documentation and coordination of Risk Acceptance for issues that require leadership acceptance and agreement of remediation activities to bring risks within tolerance levels.
• Stay abreast of regulatory changes and industry best practices to ensure the Technology platform meets regulatory and partner requirements.
• Collaborate with cross-functional teams, including Technology Risk (Line 2), Internal Audit, Legal and Compliance to ensure there is an integrated approach to Technology Risk Management.
• Lead, mentor and develop a team dedicated to Technology Risk Management.
• Support other Cyber Risk teams, as required

Requirements

• Bachelor's degree in Business, Finance, Information Technology, or a related field. Relevant professional certifications (e.g., CISM, CRISC, CISSP) is a plus.
• Minimum of 5 years of experience in Third-Party Risk Management, Technology Risk, Cyber Security, or a related field with proven experience of supporting, implementing and managing risk management programs.
• Strong understanding of regulatory compliance standards (e.g., APRA CPS234 / CPS230, SOX, ISO 27001, NIST CSF, Privacy Act, SOCI, etc.).
• Strong communication skills with the ability to translate risk into business impact.
• Self-starter with strong organisational skills in a highly-adaptive and a fast-paced environment.
• Customer-oriented mindset and ability to apply collaborative approach to achieving business outcomes.
• Thinker and doer with a pragmatic approach to make decisions and at the same time focused on outcomes.
• Ability to lead and motivate both direct and indirect team members, and manage a developing team.