At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward, to progress. To make the right financial decisions and achieve their dreams, targets and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas and energy all contribute to the impact that we can make with our work. Together we can achieve great things.
Do work that matters
CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps.
See yourself in our team
We are seeking a Senior Manager – Supplier Risk & Controls to lead the delivery of high-quality risk outcomes across a portfolio of critical third-party suppliers.
This role sits within the Supplier Risk & Controls (SR&C) function, a specialist team responsible for ensuring supplier engagements are managed safely, effectively, and in line with regulatory expectations across the full supplier lifecycle.
As a portfolio lead, you will combine deep risk expertise, strong stakeholder engagement, and hands-on execution—owning end-to-end supplier risk activity from onboarding through to ongoing assurance and remediation.
This is a permanent role based in Sydney. We also offer remote working and a flexible workplace.
In any given week, your responsibilities may include:
The purpose of the Supplier Risk component of this role is to assess, develop and enhance the management of risk in supplier arrangements used across CBA Group.
You will be responsible for ensuring that the risk management activities and controls relating to suppliers meet the Group’s internal requirements and external regulations (including the Operational Risk Management Framework, Compliance Risk Management Framework and the Group’s Risk Appetite Statements, and CPS230 and equivalent standards).
Specific responsibilities:
Portfolio ownership and leadership
Lead a defined portfolio of suppliers, accountable for the quality and timeliness of all risk activities delivered
Provide oversight and guidance to case managers delivering supplier risk assessments and control testing
Manage capacity, prioritisation, and delivery outcomes across your portfolio
Supplier risk assessment and profiling
Oversee and review Supplier Risk Profiles and Risk Memos to support business decision-making
Ensure risks are identified, assessed, and clearly articulated in line with Group frameworks
Drive consistency and quality in risk documentation and approvals
Control assurance and testing
Lead oversight of control programs and supplier control testing activities
Ensure controls are accurately tested and deficiencies are identified, escalated, and addressed
Provide insights on systemic control weaknesses and emerging risk themes
Stakeholder engagement and advisory
Act as a trusted advisor to Business Owners, Risk, Procurement, and senior stakeholders
Facilitate discussions on supplier risks, control gaps, and remediation strategies
Lead escalation management for complex or high-risk supplier issues
Governance and regulatory alignment
Ensure supplier risk activities align to Group frameworks and regulatory expectations (e.g. supplier lifecycle, operational risk standards)
Support governance forums and provide clear, actionable risk reporting
Drive improved risk practices and consistency across the organisation
Continuous improvement and transformation
Identify opportunities to improve the supplier risk operating model, processes, and tooling
Support initiatives that reduce duplication, improve efficiency, and uplift capability
Champion a culture of end-to-end ownership and accountability
We're interested in hearing from people who:
Extensive experience in supplier risk, operational risk, or controls assurance
Strong understanding of third-party risk frameworks and control environments
>5 years in operational/technology risk within financial services with proven supplier risk experience
Sound understanding of information security management, Privacy legislation, ITIL, IT service continuity, IT disaster recovery, business continuity management, and third party control assurance
Experience leading teams or portfolios delivering risk outcomes at scale
Experience managing complex stakeholder environments across business and risk functions
Familiarity with regulatory expectations for outsourcing and third-party risk (e.g. CPS230)
Sound understanding in dealing with regulatory and compliance issues within a major financial institution, audit firm or other major company
Ability to analyse trends, identify critical threats and opportunities, diagnose problems and issues and recommend appropriate actions
Have a passion for supplier and technology risk and remain up to date on the latest emerging industry trends and disruptive technologies
CA or CPA degree or any relevant tertiary qualifications in finance or risk management preferred
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.
We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.
Advertising End Date: 18/06/2026