Manager – Identity Lifecycle Controls: 12 month Max term Contract.

• You are a problem solver with an extensive background in Cyber Security Controls or Cyber Security Risk.
• We are one of the best and most advanced Cyber Security teams in Australia.
• Together we can contribute to protecting the group, its customers and community.

Your business:

The Technology division delivers the Group’s information technology and banking operation functions to ensure the highest levels of customer service through world-class process excellence and technology innovation. Cyber Security protects the bank and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk.

We support our people with the flexibility to balance where work is done, with at least half your time each month connecting in the office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you.

Your new team:

The Cyber Controls Chapter Area plays a crucial function within the Group Security division being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group’s cyber risk profile.

The Identity Lifecycle Management team, part of the Cyber Control Chapter, manages core cyber security controls related to the identity and access landscape. The team leads the control design, governance and drives improvements across complex user and non-human identity ecosystems to ensure effective mitigation of identity related risk.

Your impact and contribution:

As Manager – Identity Lifecycle Controls, you’ll lead the design and continuous improvement of controls that manage identity risks across the Group. Your initial focus will be on Segregation of Access and Role Based Access Management, while also supporting the broader identity and access control environment — spanning user lifecycle management and non-human access management.

You’ll help ensure our identity and access controls remain robust and adaptable as technology, risk, and business needs evolve.

Your responsibilities will include:

• Own the design of identity lifecycle controls, delivering control strategies and roadmaps to manage existing and evolving business risks.
• Uplift control definitions, guidance, and policies to appropriately mitigate risk and support adoption across the Group.
• Partner with delivery functions to quality-assure control implementation, ensuring alignment with risk and control requirements.
• Proactively identify risks relating to how identity access is managed and define strategies to mitigate them, including tracking and closing known design gaps through established risk management processes.
• Develop and maintain performance, risk, and assurance metrics – Create and manage Key Risk Indicators (KRIs), Design and Operating Effectiveness (DE/OE) ratings, and test indicators in partnership with audit and assurance teams to enable automated monitoring, evidence-based assurance, and regular reporting on control performance.
• Educate the Identity Lifecycle team, business stakeholders, and delivery teams on the importance of an adequate control environment.

We are interested in people who:

We’re looking for someone who can connect the dots between governance, technology, and control design. You’ll bring:

• Experience in Identity and Access Management or cyber risk and control management within a large, complex organisation.
• A strong understanding of Identity Role Based Access Management and Segregation of Access Management frameworks, with the ability to apply and scale them effectively.
• Broader exposure to Identity Governance, User lifecycle Management, Non-Human Access Management, Privileged Access Management, or related security controls.
• A track record in designing, assessing, and improving control environments.
• Strong stakeholder engagement skills and the confidence to influence across technology and business domains.

Advertising End Date: 14/12/2025