EMPLOYMENT

This is a Control Manager - Identity and Access Management role with Commonwealth Bank based in Sydney, NSW, AU Commonwealth Bank Role Seniority - mid level More about the Control Manager - Identity and Access Management role at Commonwealth Bank Manager – Identity Lifecycle Controls: 12 month Max term Contract. You are a problem solver with an extensive background in Cyber Security Controls or Cyber Security Risk. We are one of the best and most advanced Cyber Security teams in Australia. Together we can contribute to protecting the group, its customers and community. Your business: The Technology division delivers the Group’s information technology and banking operation functions to ensure the highest levels of customer service through world-class process excellence and technology innovation. Cyber Security protects the bank and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk. We support our people with the flexibility to balance where work is done, with at least half your time each month connecting in the office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work for you. Your new team: The Cyber Controls Chapter Area plays a crucial function within the Group Security division being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group’s cyber risk profile. The Identity Lifecycle Management team, part of the Cyber Control Chapter, manages core cyber security controls related to the identity and access landscape. The team leads the control design, governance and drives improvements across complex user and non-human identity ecosystems to ensure effective mitigation of identity related risk. Your impact and contribution: As Manager – Identity Lifecycle Controls, you’ll lead the design and continuous improvement of controls that manage identity risks across the Group. Your initial focus will be on Segregation of Access and Role Based Access Management, while also supporting the broader identity and access control environment — spanning user lifecycle management and non-human access management. You’ll help ensure our identity and access controls remain robust and adaptable as technology, risk, and business needs evolve. Your responsibilities will include: Own the design of identity lifecycle controls, delivering control strategies and roadmaps to manage existing and evolving business risks. Uplift control definitions, guidance, and policies to appropriately mitigate risk and support adoption across the Group. Partner with delivery functions to quality-assure control implementation, ensuring alignment with risk and control requirements. Proactively identify risks relating to how identity access is managed and define strategies to mitigate them, including tracking and closing known design gaps through established risk management processes. Develop and maintain performance, risk, and assurance metrics – Create and manage Key Risk Indicators (KRIs), Design and Operating Effectiveness (DE/OE) ratings, and test indicators in partnership with audit and assurance teams to enable automated monitoring, evidence-based assurance, and regular reporting on control performance. Educate the Identity Lifecycle team, business stakeholders, and delivery teams on the importance of an adequate control environment. We are interested in people who: We’re looking for someone who can connect the dots between governance, technology, and control design. You’ll bring: Experience in Identity and Access Management or cyber risk and control management within a large, complex organisation. A strong understanding of Identity Role Based Access Management and Segregation of Access Management frameworks, with the ability to apply and scale them effectively. Broader exposure to Identity Governance, User lifecycle Management, Non-Human Access Management, Privileged Access Management, or related security controls. A track record in designing, assessing, and improving control environments. Strong stakeholder engagement skills and the confidence to influence across technology and business domains. If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career. We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 14/12/2025 Before we jump into the responsibilities of the role. No matter what you come in knowing, you’ll be learning new things all the time and the Commonwealth Bank team will be there to support your growth. Please consider applying even if you don't meet 100% of what’s outlined Key Responsibilities Owning the design of identity lifecycle controls Uplifting control definitions and policies Partnering with delivery functions Key Strengths ️ Cyber Security Controls Identity and Access Management Stakeholder Engagement Identity Governance Control Environment Design ⚠️ Risk Management Why Commonwealth Bank is partnering with Hatch on this role. Hatch exists to level the playing field for people as they discover a career that’s right for them. So when you apply you have the chance to show more than just your resume. A Final Note: This is a role with Commonwealth Bank not with Hatch.