Manager, Third Party Technology & Cyber Risk

The Manager is part of the Third-Party Tech & Cyber Risk team within the Technology & Cyber Risk function in the
Technology Business Unit. The role leads partner-facing technology and information security assurance activities including coordinating responses to business partner requests maintaining partner assurance artefacts and supporting periodic assurance and reporting.

The role also supports delivery of TALs third-party technology risk and cyber security management approach including embedding relevant technology and cyber contractual clauses and governance expectations. This role is accountable for maintaining and continuously improving relevant frameworks policies practices and controls to ensure TALs risk posture remains within appetite.

In this role you will:

• Engage and coordinate across Technology Risk Legal Procurement and Partnerships to provide consistent information on TALs control posture and risk management approach.
• Support response to technology and information security assurance queries from business partners ensuring responses are timely accurate and aligned to TALs internal technology & cyber control environment.
• Review and interpret independent assurance artefacts (e.g. SOC reports ISO certifications) and translate outcomes into clear positions and control summaries.
• Produce concise reporting for Technology leadership / ELT on partner assurance demand key themes and emerging risks partner-impacting issues and remediation progress including escalations where commitments may be at risk.
• Plan and execute targeted internal control deep dives (design and operating effectiveness) over selected technology/cyber controls to validate partner commitments and strengthen confidence in assurance responses.
• Assist with the uplift and maintenance of partner-facing technology and cyber clauses to align with TALs regulatory obligations and evolving threat environment in collaboration with Legal Risk and Technology stakeholders.

Qualifications :

• Bachelors degree in Information Technology Cybersecurity Risk Audit Finance or related discipline; relevant certifications such as CISM/CRISC/CISSP (or equivalent) preferred.
• 3 years experience (recommendation for manager level) in Technology Risk Cybersecurity Controls
  Assurance/Internal Audit Third-Party Risk or GRC with demonstrated ownership of deliverables and stakeholder management across Technology and business teams.
• Demonstrated experience performing control testing (design & operating effectiveness) including defining test steps evidence requirements sampling approaches documenting workpapers and driving remediation actions to closure.
• Strong working knowledge of APRA CPS 230 / CPS 234 and how these translate into practical governance assurance expectations evidence standards and contractual obligations.
• Hands-on experience reviewing and interpreting industry assurance artefacts (e.g. SOC reports ISO 27001 certification/SoA and related third-party attestations) and converting them into clear assurance positions for stakeholders/partners.
• Familiarity with commonly used security/control frameworks and regulatory considerations (e.g. ISO 27001 NIST CSF Privacy Act SOCI and where relevant SOX-type control principles).

Additional Information :

TAL is one of Australias leading life insurers committed to inclusion and supporting the career growth of our diverse workforce. Were proud to be:  

• An Inclusive Employer Recognised as Employer of Choice for Gender Equality by the Workplace Gender Equality Agency and Bronze Tier Status within the Australian Workplace Equality Index  
• Diversity Champions Member of Diversity Council Australia Australian Disability Network Pride in Diversity and Champions of Change  
• Reconciliation Advocates Read our Innovate Reconciliation Action Plan. 
• We welcome applications from people with diverse experiences perspectives and backgrounds including Aboriginal and Torres Strait Islander people caregivers individuals living with disabilities people from culturally diverse backgrounds and the LGBTIQ community.  
• Need adjustments during the recruitment process Let our team know by getting in touch with us here to support you. 

Yourealwaysaccountable for your actions. You never give up. You strive to find the best outcomes for customers and valueworking together to find the best solutions for problems.  

As part of the recruitment process there are several checks which may be conducted to demonstrate your eligibility for a role at TAL including Criminal History Bankruptcy Entitlement to Work Regulatory and Reference Checks.  

#LI-Hybrid 

Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyones responsibility.

If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.

Remote Work :

No

Employment Type :

Full-time