About the team:

The Business Banking (BB) Chief Controls Office (CCO) focus is on driving simple, proactive risk management to enable BB’s sustainable growth. Our objectives include building safer, better foundations for our customers through providing end-to-end risk and control service, including effective design & implementation of controls, reduced privacy risk exposure, enhanced ways of working, and better risk hygiene behaviours.

The Privacy team supports the BB CCO strategy and our Lines of Business (LoBs) by providing:

• skilled Subject Matter Expert (SME) knowledge on Privacy risk and compliance,

• driving and delivering privacy impact assessments,

• business advice including control recommendations, and

• uplifting privacy capabilities across BB

Do work that matters: 

The position of Manager Risk and Controls – Privacy will support the ongoing management of privacy risk within BB CCO and bring risk management experience, awareness, and support to all our LoBs.

On any given day you will: 

• Act as the first point of contact for supporting BB Lines of Business in providing advisory support on our Group obligations in handling of personal information, including collection, use, storage and disclosure.

• Conduct Privacy Impact Assessments (PIAs) and other privacy reviews across new and existing projects, ensuring alignment with internal privacy standards and regulatory requirements.

• Support Privacy related regulatory and policy changes into BB, including the interpretation of new legislative requirements, assessing impacts to business processes, providing subject matter input and assisting with any uplift activities.

• Assist in developing, maintaining, and promoting internal privacy and privacy related standards, processes, and training.

• Contribute to the continuous improvement of the privacy knowledge and risks awareness, including uplifting privacy capabilities across BB. 

• Manage reporting on relevant Privacy management related matters, including metrics, KRIs, issues, incidents, and risks. 

• Review third‑party engagements and supplier assessments for privacy obligations and residual risk considerations.

• Partner and build strong stakeholder relationships with the Group Privacy Office, Line 2 Privacy Compliance, Products and Line 1 Risk teams to ensure privacy requirements are embedded into solution design and business processes.

We're interested in hearing from people who have: 

• Solid understanding of privacy principles - Previous experience in applying and advising on privacy principles in practical situations is preferable.

• Risk mindset and awareness – Ability to understand and anticipate potential impacts on how certain personal information handling decisions can create privacy, regulatory, operational, and reputational risk across the business, including with third parties.

• Analytical, critical and strategical thinking to solve problems – Ability to exercise sound judgement when advising on complex privacy problems and recommend practical solutions to businesses to buy down privacy risks.

• Strong communication skills - Ability to provide clear and concise written and verbal advice to various stakeholders, effectively translating complex information into easily understandable terms.

• Time management and prioritisation - Manage workload efficiently by balancing multiple priorities, sequencing tasks appropriately, and adapting to changing demands while consistently maintain high‑quality delivery and advice.

• Technical skills and knowledge base in Operational Risk and Compliance related activities / functions is preferable.  

Working at CommBank 

• At CommBank, we support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in.

Advertising End Date: 24/02/2026