Commonwealth Bank

Senior Manager - Supplier Risk and Controls

Posted 5 Days Ago
In-Office
Area, Viveiro, Lugo, Galicia
Senior level
Lead a portfolio of critical third‑party suppliers to ensure supplier risk is assessed, controls are tested, deficiencies remediated, and regulatory expectations met across the supplier lifecycle. Provide oversight, stakeholder advisory, governance reporting and drive continuous improvement in supplier risk practices.
The summary above was generated by AI
Senior Manager Supplier Risk

At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward, to progress. To make the right financial decisions and achieve their dreams, targets and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Do work that matters

CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps.

See yourself in our team

We are seeking a Senior Manager – Supplier Risk & Controls to lead the delivery of high-quality risk outcomes across a portfolio of critical third-party suppliers.

This role sits within the Supplier Risk & Controls (SR&C) function, a specialist team responsible for ensuring supplier engagements are managed safely, effectively, and in line with regulatory expectations across the full supplier lifecycle.

As a portfolio lead, you will combine deep risk expertise, strong stakeholder engagement, and hands-on execution—owning end-to-end supplier risk activity from onboarding through to ongoing assurance and remediation.

This is a permanent role based in Sydney. We also offer remote working and a flexible workplace.

In any given week, your responsibilities may include:

The purpose of the Supplier Risk component of this role is to assess, develop and enhance the management of risk in supplier arrangements used across CBA Group.

You will be responsible for ensuring that the risk management activities and controls relating to suppliers meet the Group’s internal requirements and external regulations (including the Operational Risk Management Framework, Compliance Risk Management Framework and the Group’s Risk Appetite Statements, and CPS230 and equivalent standards).

Specific responsibilities:
 

Portfolio ownership and leadership

  • Lead a defined portfolio of suppliers, accountable for the quality and timeliness of all risk activities delivered

  • Provide oversight and guidance to case managers delivering supplier risk assessments and control testing

  • Manage capacity, prioritisation, and delivery outcomes across your portfolio

Supplier risk assessment and profiling

  • Oversee and review Supplier Risk Profiles and Risk Memos to support business decision-making

  • Ensure risks are identified, assessed, and clearly articulated in line with Group frameworks

  • Drive consistency and quality in risk documentation and approvals

Control assurance and testing

  • Lead oversight of control programs and supplier control testing activities

  • Ensure controls are accurately tested and deficiencies are identified, escalated, and addressed

  • Provide insights on systemic control weaknesses and emerging risk themes

Stakeholder engagement and advisory

  • Act as a trusted advisor to Business Owners, Risk, Procurement, and senior stakeholders

  • Facilitate discussions on supplier risks, control gaps, and remediation strategies

  • Lead escalation management for complex or high-risk supplier issues

Governance and regulatory alignment

  • Ensure supplier risk activities align to Group frameworks and regulatory expectations (e.g. supplier lifecycle, operational risk standards)

  • Support governance forums and provide clear, actionable risk reporting

  • Drive improved risk practices and consistency across the organisation

Continuous improvement and transformation

  • Identify opportunities to improve the supplier risk operating model, processes, and tooling

  • Support initiatives that reduce duplication, improve efficiency, and uplift capability

  • Champion a culture of end-to-end ownership and accountability
     

We're interested in hearing from people who have:

  • Extensive experience in supplier risk, operational risk, or controls assurance

  • Strong understanding of third-party risk frameworks and control environments

  • >5 years in operational/technology risk within financial services with proven supplier risk experience

  • Sound understanding of information security management, privacy legislation, ITIL, IT service continuity, IT disaster recovery, business continuity management, and third-party control assurance

  • Experience leading teams or portfolios delivering risk outcomes at scale

  • Experience managing complex stakeholder environments across business and risk functions

  • Familiarity with regulatory expectations for outsourcing and third-party risk (e.g. CPS230)

  • Sound understanding of dealing with regulatory and compliance issues within a major financial institution, audit firm or other major company

  • Ability to analyse trends, identify critical threats and opportunities, diagnose problems and issues and recommend appropriate actions

  • A passion for supplier and technology risk, and a commitment to remaining up to date on the latest emerging industry trends and disruptive technologies

  • CA or CPA degree or any relevant tertiary qualifications in finance or risk management preferred

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 18/06/2026
