Additional Information
Closing Date: 15 June 2026
Worker Type: Permanent
Purpose:
The IT Risk & Security Analyst provides first line risk, control and governance oversight across Technology, supporting the effective management of Technology risk in accordance with NAB's operational risk, compliance and governance frameworks.
The role acts as a key first line risk partner to Technology, providing insight, challenge, guidance and assurance to support effective risk-based decision making.
The role partners with Technology teams and Divisional Controls stakeholders to identify, assess and manage risks, ensure effective control design and performance, and provide advisory support on Technology processes and controls across International offices (UK, US, Europe and Asia).
The role is critical in supporting audit and regulatory obligations, facilitating risk governance forums, and ensuring that Technology risk positions, emerging risks, achievements and progress against enterprise KPIs are accurately represented to stakeholders at all levels of the organisation.
Capabilities, Experience & Qualification Requirements
Essential capabilities (core)
Strong understanding of Technology risk management, operational risk frameworks, and control environments within a regulated financial services context.
Proven ability to interpret and apply Group Information Risk Policies and standards into practical control implementation.
Demonstrable experience identifying control gaps and driving remediation to achieve sustainable outcomes.
Strong experience supporting Internal and External Technology Audits, including evidence management and remediation tracking.
Working knowledge of risk management systems (e.g. Archer or equivalent) with accurate maintenance of risks, controls and issues.
Ability to support and contribute to risk governance forums, delivering clear and structured reporting to stakeholders.
Ability to challenge stakeholders constructively to drive improved risk and control outcomes.
Strong communication and interpersonal skills, with the ability to engage, influence and build relationships across Technology and Business Units.
Ability to translate complex risk and control concepts into clear, actionable insights for both technical and non-technical stakeholders.
Experience working across international teams (UK, US, Europe, Asia) with flexibility to support global engagement, including Australia.
Proactively identifies emerging risks, control weaknesses and improvement opportunities.
Takes ownership of issues through to resolution, ensuring remediation is timely, effective and audit-defensible.
Promotes a strong risk culture, demonstrating accountability, attention to detail and a continuous improvement mindset.
Other capabilities (technical)
Working knowledge of risk management systems (e.g. Archer or equivalent) for maintaining risks, controls, events and remediation activities.
Understanding of Technology control frameworks and regulatory requirements (e.g. CPS 230, CPS 234 or similar).
Experience supporting audit processes, including evidence collation, remediation tracking and reporting.
Familiarity with risk and control methodologies, including risk profiling, control design and effectiveness assessment.
Knowledge of Identity and Access Management frameworks, vulnerability management practices and directory services (e.g. Active Directory).
Ability to provide practical guidance and advisory support to stakeholders on Technology risk, controls and processes, with limited hands-on support where necessary.
Qualification Requirements
Preference for relevant tertiary/post-graduate qualifications: a degree in Computer Science / Information Systems or an equivalent technical qualification.
Relevant industry certifications desirable (e.g. CISA, CISM, CRISC or similar risk, audit or security certifications).
Understanding of industry risk and security frameworks (e.g. ISO 27001, NIST, COBIT) desirable.
Ongoing commitment to professional development and maintaining knowledge of emerging risk, regulatory and control practices.