Avp, Enterprise Security Governance

About the role

At ANZ our purpose is to shape a world where people and communities thrive. We’re making this happen by improving our customers’ financial wellbeing so they can achieve incredible things - be it buying their home, building a business or saving for things big or small.

As an Analyst, your role would be to develop a deep understanding of the enterprise Information Security requirements, regulations, risks, controls and governance practices. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis, governance, Risk and compliance management for enterprise and third parties; governance awareness and education; and understanding of policies, standards and guidelines.

Over a short period of time, you would build your expertise and work as ‘person to go to’ for existing and new features analysis. This role could work across multiple squads (including vendor-based squads).

What will your day look like
- Governance of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns to enterprise objectives. Manage and guide Enterprise Security Risk Management including maturity, regulatory and change risk consulting and assessments.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks. Develops reporting metrics, dashboards, and evidence artifacts to various forums. Manage compliance capabilities and reporting with a view to measuring ongoing regulatory compliance
- Implement Third Party Risk Management (TPRM) processes to monitor, mitigate and report on risk from third party relationships and related parties.
- Monitor Information security policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Simplifying and packaging information through Agile Analysis and visualisation techniques (e.g. story map, process map, journey map, personas, empathy map, flow chart, lean canvas

What will you bring?
- “T-shaped individual” - Possess a breadth of knowledge in many fields, but also have depth in Information Security Governance, Risk Management frameworks and Compliance concepts and practices with a strong control mindset.
- Proven experience in Third-Party Risk Management, governance practices and external supplier assessments.
- Ability to monitor security standards and guidelines based on best practices and industry standards
- Operate with a high degree of independence with regard to project management activities, Proven analytical skills and evidence-based decision making. Ability to innovate and adapt to latest development in area of expertise
- Successfully built a network of strong relationships and influencing key stakeholders
- Understanding of business & technical landscape with strong Communication & Facilitation Skills.
- Experience with Enterprise Risk management framework, Governance and practices.
- Third Party Risk Management experience
- Understanding of principles around security management frameworks
- Understanding of ISO controls
- Understanding of Regulatory bodies and regulatory obligations
- Experience with vendor assessments
- Understanding of third party contracts and cyber security
- Audit experience will be a plus

**Skills**:
**Analysts are likely to do these Types of Work**:
**Agility and Analysis Toolkit**:

- Strong agile fundamentals and past experience working in a pure agile / scaled agile delivery environment.
- Expertise in Jira and Confluence to create epics, breakdown and write detailed user stories with all details - including business need and use case scenarios technical designs, error scenarios, request responses, data mappings, UI designs and backend information etc.
- A good handle on end to end Vendor management cycle and operational contract management.

**Interpersonal skills**:

- Strong verbal and written communication skills, presentation skills, ability to take a lead in workshops and drive meaningful outcomes
- Demonstrated ability to condense complex ideas and information into a language appropriate for the audience;
- Ability to identify stakeholders within and outside the tribe to connect, relate, build and maintain strong relationships for great business outcomes
- High-level negotiation, presentation and interpersonal communication skills with the proven ability to liaise with a wide range of internal and external stakeholders
- A ‘growth mindset’ and ability to identify opportunities for continuous improvement
- Strong willingness to work on challenging projects, keep ‘team player’ hat on, and deliver against firm timelines
- A community minded approach, an advocate in helping the wider community

So, why join us?

There’s something special about