CommBank

Senior Manager - Cyber Risk Quantification

Sydney CBD Area, Full time

Overview 

As a Senior Manager – Cyber Risk Quantification, you will develop and lead CBA’s Cyber Risk Quantification capability, supporting the Group to manage its cyber risk by providing data-driven insights. You will be responsible for developing the roadmap for the capability, overseeing periodic and repeatable modelling of cyber risk, and ensuring data collection, interpretation, and reporting of risk.

Key Responsibilities 

  • Develop and maintain a comprehensive library of plausible cyber risk scenarios, ensuring they reflect current and emerging threats, attack types, and business impacts, leveraging the Group’s cyber risk quantification tool.

  • Apply standardised methodologies and frameworks (e.g., MITRE ATT&CK, FAIR) to scenario development. 

  • Align scenarios with enterprise risk management processes and governance. 

  • Collaborate with business, risk, and compliance stakeholders to ensure scenarios are relevant and actionable. 

  • Document all scenarios with clear narratives, including threat actors, attack vectors, and potential impacts. 

  • Report scenarios through cyber risk quantification tools and track key risk metrics, stress-test results, and control effectiveness.

  • Ensure all scenario work meets regulatory and board requirements, supporting compliance with internal policies, risk standards, and external obligations. 

  • Engage with Line 2 risk and assurance functions for robust and independent scenario management review. 

 Leadership and Stakeholder Engagement 

  • Provide technical leadership and advice on cyber risk quantification to senior leaders and key stakeholders. 

  • Foster a high-performance culture through visible leadership, coaching, and mentoring. 

  • Contribute to the broader cyber community by sharing knowledge and expertise. 

Skills & Experience 

  • Strong analytical, decision-making, and critical thinking skills. 

  • Advanced knowledge of cybersecurity risk management and information security. 

  • Demonstrated experience with cyber risk quantification methodologies and tools. 

  • Expertise in mapping cyber risk scenarios. 

  • Excellent stakeholder engagement and communication skills, including experience with regulatory and board-level reporting. 

  • Familiarity with relevant regulatory requirements and industry standards (e.g., APRA CPS 234, ISO 27001, NIST CSF). 

Preferred Background 

  • Experience in cyber risk quantification, scenario reporting, and risk management. 

  • An understanding of probabilistic modelling, Monte Carlo simulations, or other quantitative methods is advantageous.

  • Experience in large, complex, regulated organisations, preferably in financial services or critical infrastructure. 

  • Demonstrated ability to work collaboratively across business, risk, and technology teams. 

CBA Mindsets & Behaviors 

  • Role model CBA’s Leadership Principles: obsess over customers, create exceptional teams, lead as an owner, be curious and humble. 

  • Advocate for continuous improvement, agile maturity, and customer focus within the squad and broader Cyber Generalist community. 

  • Ensure all activities align with CBA’s purpose, values, and Code of Conduct. 

 

 

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 07/12/2025