Req ID:
120207
Department:
Internal Audit - Technology & Information Security
Division:
Internal Audit
Location:
Melbourne
About Us
At ANZ, we're shaping a world where people and communities thrive, driven by a common goal: to improve the financial wellbeing and sustainability of our millions of customers.
ANZ Internal Audit’s 2030 ambition is to be the leading audit function and the Bank’s trusted independent voice. We contribute to ANZ’s Group 2030 Strategy through providing the strength and perspective required for ANZ to lead the industry in trust, safety and risk management, adhering to the highest standards of non-financial risk management. About the Role
The Audit Director – Business Technology is accountable for leading Internal Audit’s specialist Technology and Information Security audit capability for business technology risks, supporting integrated assurance delivered across customer value chain and specialist audit teams.
The role provides specialist technology and information security expertise to support the assessment of Technology Risk and Information Security & Cyber risks within business processes, systems and applications. The role also works closely with the Technology Risk and Information Security & Cyber Centres of Audit to ensure assurance approaches are aligned, consistent and risk-focused across integrated audit activity.
Reporting to the General Manager Audit – Technology & Information Security, this role plays a key leadership position within Internal Audit, leading the Business Technology audit team, maintaining strong stakeholder relationships, developing specialist audit capability, supporting Internal Audit’s strategic priorities and initiatives, and role modelling the standards, behaviours and independence expected of audit leaders
Role Type: Permanent
Role Location: Melbourne or Brisbane
Work Hours: Full time What could your day look like?
As the Audit Director – Business Technology, you will be accountable for:
Accountable for the delivery of specialist Technology and Information Security audit work within integrated audits, supporting customer value chain and specialist Internal Audit teams where technology and cyber risks form a material part of the audit scope
Contribute to audit planning and scoping for co-delivered audits, identifying Technology and Information Security risks and aligning assurance approaches with the Technology Risk and Information Security & Cyber Centres of Audit
Lead and oversee audit work owned by the Business Technology team, ensuring audit procedures, conclusions and reporting are delivered in line with Internal Audit methodology and Global Internal Audit Standards
Work closely with the Technology Risk and Information Security & Cyber Centres of Audit to ensure coordinated and consistent assurance coverage across integrated audits
Provide constructive challenge and influence to business, risk and technology stakeholders to strengthen technology risk management and control environments
Ensure effective prioritisation and deployment of specialist technology audit capability across integrated audits to maintain coverage quality and effective delivery
Identify opportunities to improve the effectiveness, efficiency and impact of technology and information security assurance, including through the use of data, automation and innovative assurance techniques
Escalate material themes, emerging risks and systemic issues identified through audit activity in a timely and transparent manner
Lead, develop and mentor audit teams, building specialist capability, depth and consistency in audit execution and professional judgement
Support regulatory engagement, including supervisory interactions and requests, while contributing to Internal Audit’s strategic priorities and continuous improvement initiatives.
What will you bring?
To grow and be successful in this role, you’ll ideally bring the following:
Technology and Information Security risk management expertise: Expert knowl edge of technology and information security risk management, including application controls, system development and change, access management, data protection, resilience, third-party technology risk and cyber controls.
Regulatory and prudential Technology risk requirements: Strong working knowledge of prudential and regulatory requirements relevant to technology and information security risk, including CPS 230 and CPS 234, and the ability to assess control design and operating effectiveness within integrated audits.
Technology and Information Security control frameworks: Practical knowledge of recognised technology and information security control frameworks such as NIST, ISO/IEC 27001 and COBIT, and the ability to
Internal Audit and assurance expertise: Extensive experience delivering audits or assurance engagements in large, regulated organisations, with strong expertise in Internal Audit methodology and Global Internal Audit Standards.
Data-enabled audit and analytics-informed assurance: Experience using data analytics and data-enabled assurance techniques to inform audit scoping, testing strategies and conclusions.
Stakeholder engagement and influence: Strong capability to engage credibly with senior business, risk and operations stakeholders, provide constructive challenge and influence improvements in risk management and control environments.
Leadership and people development: Experience leading, coaching and developing audit teams, building professional judgement, capability depth and succession through active involvement in assurance delivery.
Technology risk and regulatory exposure: Experience assessing technology-enabled business processes, third-party or outsourced technology risks, or contributing to regulatory reviews and supervisory interactions involving technology and information security risks, is advantageous.
Qualifications: Tertiary qualification in information technology, cyber security, engineering, risk, audit or a related discipline. Relevant professional qualifications (e.g. CIA, CISA, CISSP, CISM or CRISC) and/or postgraduate qualifications in technology, cyber security or risk are desirable.
You’re not expected to have 100% of these skills. At ANZ a growth mindset is at the heart of our culture, so if you have most of these things in your toolbox, we’d love to hear from you. So why join us?
From the moment you join ANZ, you'll be doing meaningful work that will shape a world where people and communities thrive.
But it's not just our customers who'll feel your impact. You'll feel it too. Because at ANZ, you'll have the resources, opportunities, and support you need to take the next big step in your career.
We're a diverse bunch at ANZ in different roles, different locations, doing different things. That's why we have a range of flexible working arrangements, so our people can 'make work, work for them'. We also provide a range of benefits including access to health and wellbeing services and discounts on selected products and services from ANZ and more.
At ANZ, you'll be part of an organisation where the different backgrounds, perspectives and life experiences of our people are celebrated. That's because we're committed to building a workplace that reflects the diversity of the communities we serve. We welcome applications from everyone and encourage you to talk to us about any adjustments you may require to our recruitment process or the role itself. If you're a candidate with a disability or access requirement, and have an enquiry about the support provided, please let us know on your application or visit ANZ Accessibility and Inclusion Programs for alternate contact methods.
To find out more about working at ANZ, visit https://www.anz.com.au/careers . You can
Job Posting End Date
30/07/2026, 11.59pm, (Melbourne Australia)