Senior Manager Technology Risk

Technology CCO (TCCO)’s purpose is to ensure our technologists have the capabilities to effectively manage non-financial risks and provide secure and always available technology products and services to our customers. 

The TCCO Technology, Security and Data team works closely with the Chief Information Officers across Technology to ‘shift left’ by driving an emphasis on inherent risk reduction through modernisation and simplification of the Group’s technology estate. This is in parallel to ensuring the current control environment is being effectively managed, risks (current and emerging) are transparent and have robust treatment plans, and enable the delivery of key strategic objectives through simple and proactive risk advice and assessment. 

The Senior Manager of Fraud and Scams L1 Risk plays a pivotal role in strengthening CommBank’s control environment across fraud, scams, and technology related risk domains. You will lead proactive Change Management Risk Assessments for technology initiatives evaluating risks across data pipelines, APIs, automation, and AI/ML integrations to ensure safe, compliant, and resilient delivery of change. 

The role partners closely with Group Investigations (GI) and the Fraud and Scams Response Centre (FSRC) to uplift risk transparency, improve incident management, and identify opportunities for automation and simplification of core processes and SOPs. Through this, you will enhance operational resilience, strengthen response capability, and embed a forward-looking risk culture across Group Security and Technology. 

The role will also contribute to the design and continual uplift of the Scam Prevention Framework (SPF) for Group Fraud Management Services (GFMS), helping define scam risk exposures and the associated mitigations across people, process, and technology. 

• Lead and deliver end-to-end risk assessments for technology and change programs, covering ETL, databases, APIs, and AI/ML systems, with robust treatment plans and controls aligned to SPF objectives. 

• Provide specialist advice on fraud, scam, and technology risks to ensure secure, compliant, and customer-centric outcomes. 

• Partner with FSRC and GI to manage incidents, remediation, and regulatory reporting, while driving automation, SOP simplification, and technology uplift. 

• Contribute to the design and maturity of the Scam Prevention Framework (SPF) by defining exposures, assessing control effectiveness, and embedding sustainable mitigations across GFMS. 

• Collaborate with data and engineering teams to assess data quality, lineage, and model governance for AI-driven scam and fraud detection systems. 

• Drive Responsible AI governance by leading impact assessments, advising on AI use case risks, and ensuring compliance with ethical and regulatory guardrails. 

• Extensive experience in fraud and scams prevention, investigation, or remediation, with proven expertise in risk identification, prevention frameworks, and response execution. 

• Strong technical understanding of ETL/data pipelines, databases, APIs, and systems integration, with the ability to assess technology change and data flow risks. 

• Exposure to AI/ML or analytics-driven detection systems, with experience in Responsible AI governance, model validation, or control design. 

• Proven ability to perform change risk assessments for technology initiatives, including identifying inherent risks and defining pragmatic mitigations. 

• Deep understanding of fraud risk typologies, scam trends, and emerging threats, with the ability to translate this into effective risk controls. 

• Strong analytical and critical thinking skills with a structured approach to complex problem solving. 

• Excellent written and verbal communication, with the ability to simplify technical and risk concepts for senior audiences. ​