At CommBank we are proud to support flexibility, let’s discuss what this means for you” The Commonwealth Bank of Australia (Bank) is Australia's leading provider of integrated financial services. They are committed to continuously improving governance practices and ensuring that they are aligned with business, stakeholders and customers’ needs. Group Audit and Assurance (GA&A) are the internal audit function for the Group. Their primary purpose is to provide independent and objective assurance of the effectiveness of the Groups risk management, controls and governance processes.  Evolving customer expectations, competitive threats and pace of change require GA&A to support the business with new insights and risk coverage that puts customers first and to continue to provide insightful assurance to the Board. As digital technology disrupts and transforms entire industries and ways of working, GA&A is committed to keeping pace and continually reimagining themselves with the latest global best technology and innovation. Over the last three years GA&A has increasingly embedded digital assurance into audit activities, injecting Artificial Intelligence (AI) into routine control testing and using digital tools to improve the overall experience for employees.  By reducing administrative overhead, GA&A have increased their teams capacity for high value judgement-based activities and expanded their support to include sharing knowledge and tools that create better risk coverage across the Bank for all Three Lines of Assurance. With global-best digital tools that harness the power of data, analytics and AI, GA&A are delivering smarter, faster and safer outcomes to address current and emerging risks and provide better assurance outcomes for our customers and community. GA&A was recognised as an ABA100 winner for both Risk Management and Business Innovation in The Australian Business Awards 2023. See yourself in our team The Technology and Cybersecurity audit team within the GA&A department provides coverage over the technology portfolio as well as critical projects and IT suppliers across the Bank. The team is structured as a shared service model to provide a centre of excellence for IT audit assurance to the business audit teams. GA&A works closely with senior management and staff across all divisions of the CBA Group, and the external auditors, but maintains independence as part of the corporate governance role. Your contribution will add value by:

• Cultivating a dynamic environment to enable focus on key issues and the details that come with it
• Contributing to high quality audit reports focused on the Group’s technology and cybersecurity controls
• Aiding our stakeholders to make a difference to their business and that protects the Group and our customer Your responsibilities
• Develop comprehensive audit plans for cloud infrastructure, DevOps processes, and engineering practices.
• Conduct thorough assessments of cloud environments, configurations, and deployment pipelines.
• Evaluate security controls, access management, data protection, and compliance frameworks.
• Identify potential risks and vulnerabilities in cloud architecture and services.
• Analyze DevOps workflows and automation tools for potential security gaps.
• Provide guidance and recommendations for maintaining compliance in cloud environments.
• Evaluate infrastructure-as-code (IaC) solutions, CI/CD pipelines, and containerization technologies.
• Document audit findings, recommendations, and risk assessment reports in a clear and concise manner.
• Foster a culture of continuous improvement by sharing knowledge and best practices. In line with CBA Internal Audit Methodology, oversee effective and efficient planning and delivery of audits and assist your Executive Manager in building a dynamic, risk-based Audit Plan to appropriately capture key and emerging risks.
• Effectively support, supervise, and deliver assigned scope areas of the audit from Planning, Fieldwork, Reporting, and through to audit closure including administration of key audit stage-gates in the audit electronic workflow system.
• Solve problems by applying innovative thinking and actively participate in processes to capture and act on innovation ideas, to improve the way we work.
• Draft issues and agree the factual accuracy and ratings with stakeholders, as well support the Executive Manager in preparing simple, pragmatic, and easy to read audit reports and issue logs.
• Create and develop independent and objective relationships within GA&A, the Bank and externally to enable effective knowledge sharing and collaboration. Your skills & experience
• Extensive understanding and experience in cloud and engineering practices, including secure code management, build, test, and deployment practices in cloud environments.
• Strong knowledge of IT areas such as containers, network security, CI/CD, engineering, AWS IAM, and Kubernetes.
• Experience in auditing cloud-based environments is highly desirable.
• Experience with AI is also highly desirable.
• Excellent leadership and interpersonal skills, with the ability to collaborate and influence work cross-functionally, navigating ambiguity while managing multiple audit engagements or priorities simultaneously in a fast-paced, environment, accepting accountability of the process and delivering on commitments.
• Strong communication (written and verbal) and senior stakeholder engagement with the ability to present and influence senior management.
• Capacity to work to a timetable and ability to meet objectives and targets. Your qualifications
• Tertiary qualification in Computer Science, Information Technology product related fields.
• Typically requires 7+ years auditing or relevant experience.
• Professional certifications such as AWS Certified Solutions Architect, Azure Solutions Architect, or Google Cloud Certified Professional preferred.
• Experience in cloud engineering, DevOps practices, or infrastructure security.'
• Familiarity with audit methodologies, risk management frameworks, and regulatory requirements (e.g., GDPR, PCI DSS, SOC 2) - Desirable
• Strong analytical skills, attention to detail, and problem-solving abilities.