Infosec & Data Risk Assurance Manager

We’re seeking an experienced Infosec and Data Risk Assurance Manager to join our Risk, Legal & Compliance team.

About Us

With the merger of MyState Bank and Auswide Bank, we’re entering an exciting new chapter, combining over 120 years of banking experience and expanding our footprint across Australia’s East Coast. This transformation brings bold opportunities to modernise systems, simplify customer experiences, and build a stronger, more innovative organisation.

As we evolve, so too must our approach to risk. That’s where you come in.

We’re looking for an experienced Infosec and Data Risk Assurance Manager to help shape the future of our risk environment. In this role, you’ll provide independent oversight of operational, cyber, information security and data-related risks, ensuring our controls are robust, effective, and aligned with APRA and industry best practices.

The Opportunity

We’re seeking an experienced Infosec and Data Risk Assurance Manager to join our Risk, Legal & Compliance team. This newly created role will provide independent oversight of operational, cyber, information security and data-related risks, ensuring our control environment is robust, effective, and aligned with APRA and industry best practices.

This Role is being advertised in Hobart, Bundaberg and Brisbane.

Key Responsibilities

• Design and implement the Operational Risk Assurance Plan, with a focus on IT, cyber, information security, and data-related risks.
• Conduct independent Line 2 assurance testing and present findings to senior stakeholders and Board Committees.
• Lead investigations into information security breaches and risk events, identifying opportunities for control and process improvements.
• Develop and maintain policies and procedures that support continuous improvement and regulatory compliance.
• Promote a strong risk culture through training, awareness programs, and stakeholder engagement.
• Prepare and present risk insights and reports to Management and Board Committees.
• Provide subject matter expertise on operational and information security risk matters.

What You’ll Bring

Essential:

• Strong experience in operational risk, IT assurance, or internal audit within financial services.
• Deep knowledge of information security, cyber risk, and data governance frameworks.
• Familiarity with APRA standards (e.g. CPS 234, CPG 235, CPS 220) and other regulatory requirements.
• Excellent communication skills, with confidence presenting to senior executives and Boards.
• Proven ability to analyse complex issues and deliver practical, actionable recommendations.

Desirable:

• Experience engaging with regulators and external auditors.
• A track record of leading assurance reviews and driving positive risk culture change.

Employment with MyState is subject to background checks including Bankruptcy, Police, and Credit checks to verify your suitability to work in the finance sector. We are an equal opportunity employer, committed to creating an inclusive work environment where everyone is valued.