Supplier Risk and Controls Senior Analyst

Commonwealth Bank

Office

Manyata Tech Park Road, India

Full Time

Organization: At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward to progress, to make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Job Title: Supplier Risk & Controls Senior Analyst (Similar requirements as REQ236402, hence not posted)
Location: Bengaluru - Manyata Tech Park

Business & Team: CommBank is recognized as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps. To achieve this competitive advantage and deliver better customer outcomes, we depend on a range of Suppliers providing products and services.
The newly restructured Supplier Risk & Controls (SRC) team, part of Group Corporate Services, supports the CommBank Group in delivering supplier risk and control assurance practice. SRC is a Centre of Excellence responsible for managing supplier risk (T0, T1 & T2 Services) for all business units in CommBank. The team consists of supplier risk management and control testing experts operating across local and international offices. SRC partners with the business, including Project and Portfolio Managers, Service Owners, Business Owners, Chief Controls Office, Privacy, Cyber Security and other relevant risk domain SMEs, to fulfil our risk management responsibilities related to suppliers.


Impact & contribution: This role is to support the supplier risk agenda at CommBank, primarily through the execution of supplier risk assessments and providing quality risk advice to the business. The contribution of this role will allow the Group to make risk-based decisions with agility to improve the Group’s overall supplier risk exposure.

Roles & Responsibilities: This position will:

  • Adhere to the Group’s Supplier Lifecycle policy and procedures.
  • Conduct quality reviews of inherent risk assessments performed by the Business for supplier arrangements/services.
  • Act as a trusted advisor to the business. Review and advise on the outcome of multiple control programs such as Data, Privacy, Cyber, Technology etc.
  • Provide risk advice relating to supplier sourcing, contracts, controls, and performance.
  • Participate in supplier governance meetings and Supplier Risk & Controls (SRC) team meetings and contribute effectively to challenge the status quo.
  • Maintain accurate supplier risk profiles, manage compliance with applicable regulatory obligations, and provide direct support to SRC leadership in managing a portfolio.
  • Work with internal and external stakeholders to ensure timely and effective execution of Control Assessment Program (CAP) including testing of supplier environments across multiple regions.
  • Review and leverage third-party reliance reports such as SOC2 Type 2, PCI DSS, ASAE etc., and translate the results into outcomes.
  • Perform walkthroughs for the test of design and effectively evaluate the test of operating effectiveness through sampling methodology.
  • Document information accurately and completely. Translate the outcome into test results and observations and convey the results with the supplier and business partners.
  • Ensure compliance with the Group’s Supplier Lifecycle, CAP Standards and procedures, and Risk policy and procedures.
  • Demonstrate a strong understanding of the COSO framework, SOC reports (SOC2 Type 1 and Type 2), ISMS reports, and their relevance to IT General Controls, IT Application Controls, Technology and Cyber Controls, Financial Risk and Operational Risk.


Essential Skills:

  • At least 5 years' work experience in the Financial Services industry in IT Audit, Compliance or consulting environments.
  • Experienced in Supplier, Operational Risk or Technology risk management and Control Assurance testing preferred. Previous experience in Non-Financial Risk/IT, Operational Risk, or Compliance desired.
  • Strong understanding of information security management, privacy, IT service continuity, IT disaster recovery, business continuity management, and third-party control assurance.
  • Excellent communication skills, written and verbal, and confidence dealing with senior stakeholders.
  • Effective time management with strong planning and organizational skills.
  • Knowledge of current applicable regulatory requirements relevant to regulated financial institutions. Familiarity with APRA standards (not limited to CPS220, 231, 230, 232).


Education Qualification:

  • Bachelor's degree/Master’s degree in Arts, Business Management, Computer Applications, Business Administration or Commerce.
  • Certifications such as CISA, CRISC, CGEIT, CISM, COBIT, or ISO27001 would be preferable.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 23/08/2025

August 5, 2025