CommBank

Manager Cloud and SaaS Governance

Sydney CBD Area Full time

See yourself in our team:

The Cloud Business Office (CBO) is a small, high-impact team that sits at the heart of CommBank’s cloud transformation. We partner with BU CIOs, delivery teams, and senior executives to drive delivery of CBA’s cloud strategy by supporting cloud adoption across the Group, optimising operations, and delivering meaningful outcomes at scale.

Do work that matters:

This role plays a pivotal part in uplifting Cloud and SaaS Governance across the Group. You’ll work across a diverse network of technology stakeholders — from delivery teams to CIOs — to ensure adherence to Group Cloud and SaaS frameworks, policies, and standards.

You’ll provide guidance to delivery teams on applying governance requirements and support reporting processes for senior stakeholders. You’ll also build and maintain processes, metrics, and insights that provide senior leadership with transparency on risk posture and compliance status.

If you’re an experienced professional with a passion for cloud governance, data-driven insights, and continuous improvement, we’d love to hear from you.

Key responsibilities for this role include:

  • Support the implementation and continuous improvement of the CBA Public Cloud and SaaS Governance Framework, policies, and minimum control standards.

  • Provide oversight of Cloud and SaaS adoption across the Group, ensuring alignment with the Group Workload Placement Standard, SaaS Assessment Guideline, and Information Security Policy.

  • Ensure accurate lifecycle tracking of all Cloud and SaaS applications through the Group Configuration Management and IT Service Management processes.

  • Support compliance and regulatory reporting (including APRA and international requirements) for significant Cloud and SaaS workloads.

  • Develop and maintain dashboards, metrics, and insights to monitor risk exposure, compliance trends, and governance maturity for senior stakeholders.

  • Provide guidance and support on Cloud and SaaS risk assessments, ensuring alignment with the Group Operational Risk Management Framework and Third Party Security Standard.

  • Identify and drive remediation of control gaps and track treatment actions in accordance with the Group Issue Management Standard.

  • Collaborate with Third-Party Security, Technology Risk, Legal, Privacy, and Procurement teams to ensure Cloud and SaaS services meet data protection, resilience, and regulatory obligations.

  • Ensure compliance with APRA CPS 230 and other applicable regulatory standards related to SaaS and third-party arrangements.

  • Conduct periodic control reviews and support assurance and audit activities.

  • Maintain appropriate evidence and documentation to support internal and external reporting requirements.

  • Assist in preparing reporting packs and insights for forums such as Technology Risk Committees, Cloud Steering Committees, and other governance bodies.

  • Use insights to drive continuous improvement in Cloud and SaaS governance, processes, and risk management practices.

  • Build strong, collaborative relationships across Technology Domains, Business Units, and Risk teams to support consistent adoption of Cloud and SaaS governance practices.

  • Promote awareness of proactive risk management practices within your stakeholder group.

We are interested to hear from people who have:

  • Strong experience in operational risk and governance, ideally within a large or federated technology organisation.

  • Proven understanding of Cloud and SaaS delivery models, data management, and third-party security principles.

  • Strong understanding of operational risk and control frameworks relevant to cloud and SaaS environments, including APRA CPS 230 / CPS 231, CBA’s Operational Risk Management Framework (ORMF), the Technology Control Library (TCL), and Information Security Standards (e.g., ISO 27001).

  • Experience working with third-party risk management and/or regulatory reporting requirements.

  • Strong stakeholder engagement and communication skills, with the ability to provide clear guidance and support.

  • Strong analytical, data interpretation, and reporting skills, using insights to drive decisions and improvements.

  • Exceptional written and verbal communication skills, including experience preparing executive reports and presentations.

If you are an experienced professional with a desire to take on complex work/projects, then we would love to hear from you!

We support our people with the flexibility to balance where work is done with at least half their time each month connecting in office. We also have many other flexible working options available including changing start and finish times, part-time arrangements and job share to name a few. Talk to us about how these arrangements might work in the role you’re interested in.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 16/12/2025