Information Security Risk Management Lead

Job Description

Our client’s success is our success. And you make it happen! 

Payment systems are complex, regulated and everchanging. We are an established market leading brand who are focused on driving client growth. We’re at the forefront of innovation punching above our weight. We’re enabling the future for our clients through innovative technology like the New Payments Platform (NPP) and open banking. 

We are an unlisted public company and one of five licensed banks in Australia with full direct connectivity and production capability across all domestic payment systems. Whilst the major banks leverage this capability for their consumer and business clients, our B2B model focuses on enabling other banks, fintech’s and corporates to deliver innovative and competitive payment and digital solutions to their clients and customers. 

We are looking for an Information Security Risk Management Lead in our Group Risk and Compliance Team. 

Reporting to the Head of Operational Risk and Compliance, the Information Security Risk Management Lead is responsible for technology risk advisory, review/challenge, oversight and monitoring over information security and data risk frameworks and how it is operationalised. 

This is a highly visible role in the business ensuring technology risks are effectively identified, assessed, managed and monitored across Cuscal. Responsibilities of the Information Security Risk Management Lead in the team’s capacity as the second line of defence under the Risk Management Framework fall into four key areas: 

1) Technology Risk Management Framework Advisory, Oversight and Monitoring 

• Ensure Information Security Risks (technology and cyber) and Data risks are adequately managed through Cuscal’s frameworks in line with regulatory requirements (e.g. CPS 234,230, CPG 235 etc.), industry best practices and operating environment in line with three lines of defence
• Ensure line 2 risk management capability is built and sustained to review, challenge, oversight and assurance reinforcing and maturing line 1 accountability with the business owners
• Work collaboratively with Product domains, Engineering and corporate functions to embed technology risk management practices into everyday activities, embed controls, and monitor/report on issues.
• Foster a risk culture that promotes open communication, transparency, and ownership of risk at all levels of the organisation
• Risk Reporting & Analytics: Provide insights derived from technology and data risk reporting to the Board and Executive Leadership Team

2) 2nd Line Review, Challenge and Oversight 

• Review and challenge risk/RiC assessments, adequacy and effectiveness of risk mitigation strategies, controls, and action plans implemented by 1st line teams.
• Critically assess incidents, breaches, and near misses to identify systemic issues and recommend appropriate remediation actions.
• Ensure the continuous improvement of risk management practices by engaging with business units to provide constructive feedback and challenge assumptions.
• Act as a trusted advisor to senior leadership and business units on operational risk matters, including emerging risks, regulatory changes, and industry trends.
• Drive education and training programs to elevate operational risk awareness and capabilities across the organisation.
• Collaborate with product, client, and technology teams to ensure operational risk considerations are integrated into new initiatives, system changes, and major projects.
• Line 2 support for assessments of third-party technology risks and controls.

3) Emerging Risks and Innovation 

• Stay informed about the latest developments in AI and other emerging technologies to proactively identify potential risks. Support Cuscal teams in rapidly adopting new technologies in a safe and controlled manner.
• Review/provide oversight over initiatives to automate technology risk & controls monitoring processes using advanced tools and technologies.
• Promote a culture of innovation in risk management practices, encouraging the adoption of new approaches and technologies.

4) Stakeholder Engagement 

• Work closely with internal and external stakeholders as required, to ensure a cohesive approach to technology risk management.
• Develop and deliver training programs to enhance technology risk awareness and competency across Cuscal.
• Promote and drive a positive risk culture to lift overall risk management maturity across Cuscal.

About You 

To be successful in this position you will have the following skills and experience: 

• Bachelor’s degree in information technology, Information Systems, Risk Management, Cybersecurity, Computer Engineering, or a related field. Relevant certifications (e.g., CRISC, CISA, CISSP) are desirable.
• Minimum of 4-6 years of experience in technology risk management within the financial services industry.
• Strong knowledge of risk management and IT frameworks and standards such as ITIL, ISO 27001, NIST, COBIT, and relevant APRA guidelines (CPS234, CPG235, CPS230, CPS220)
• Demonstrated experience in managing risks associated with AI, machine learning, and other emerging technologies.
• Prior experiencing leading risk maturity uplift at another organisation within a function, business unit or risk class.
• Strong project management skills, including planning, execution, and stakeholder management.

What’s it like to work here? 

As well as good pay and a great culture, we back our employees by helping them work towards industry-recognised qualifications, using online learning, training modules and career planning tools for you to grow with us. We are committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. We support our colleagues with flexible work arrangements through our hybrid model whilst also offering a wide range of financial, lifestyle, health & wellbeing benefits. 

Next Step 

If you think this role is the right fit for you, we invite you to apply. Let’s explore who you are and what drives you. We’d love to share our vision for the future of payments sector. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert. 

Cuscal does not accept unsolicited resumes from recruitment agencies and search firms. Please do not email or send unsolicited resumes to any Cuscal employee, location or address. 

Read Full Description