
CST Business Enablement Risk Lead

  • By Sylwia Lupa
  • 2 March 2023

The bank operates from over 3,900 offices in 67 countries, supporting 38 million customers in an increasingly digital offering that requires always on and secure operations of the technology estate.

The Cybersecurity team is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through specialized subject matter experts.

The CST Business Enablement Risk Lead is a role within the Cybersecurity Strategy & Transformation (CST) function of the Cybersecurity team. The role holder will interface and work closely with the relevant stakeholders within the Cybersecurity Business Enablement (CBE) function and will contribute to delivering the CST Business Enablement framework and operating model going forward.

Your responsibilities

The CST Business Enablement Risk Lead will drive and deliver the following services in conjunction with the CST team and individual Global Business/Global Function/Regional (GB/GF/Regional) CBE teams:

  • Work with control and service owners to agree strategy, roadmap and architecture business cases to meet GB/GF/Reg needs

  • Work with the strategy and architecture team, risk and control owners, GRC and CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to identify global gaps or opportunities for improvement, highlighted in audits and emerging from evolving regulatory requirements.

  • Assist Cybersecurity capability leads/ Product Owners/ project teams to prioritise demand based on GB/GF/Reg risk return on investments, change feasibility and the mandatory nature of change (regulations).

  • Liaise with CBE delivery and consulting leads in respective GB/GF/Reg to identify requirements and strategy for central change initiatives.

  • Gather CISO, strategy, architecture and GB/GF requirements from regions and business via the CBE teams within respective GB/GF/Reg (for example, by participating in their Business Cyber Defense forums, Business-Cyber delivery forums, RCMM’s etc.). Via the CBE team, understand local business strategy and direction, with a focus on information security as input into the development of the transformation and strategic plans. Liaise with the Strategy and Service Management team within CST to assist with overall business case development and investment planning.

Support change programme management in relation to GB/GF/Reg:

  • Support coordination and facilitate discussion between Cybersecurity capability leads/ Product Owners/ project teams; technology and the CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to define qualitative and quantitative benefits of the change.

  • Assist Cybersecurity capability leads/ Product Owners/ project teams to understand the path of adoption for the work they are doing.

  • Work with Cybersecurity capability leads/ Product Owners/ project teams to ensure strategies, roadmaps and architecture meet requirements from CBE teams

  • Support and facilitate the Business Case (Investment Feasibility) development process and support in relevant approval/ sign off. Work with CBE team (RISO & BISO, cyber delivery and consulting leads) to manage stakeholders within GB/GF/Reg.

Coordinate change delivery/ deployment across recipients of change (i.e. regional control owners):

  • Work with Cybersecurity capability leads/ Product Owners/ project teams and Service Owners to assist with the development of the Operational Readiness plan (i.e. BAU embedment) for the GB/GF/Reg within the change releases.

  • Ensure clear traceability of delivery to outcomes, risks and control improvements. Engage with CBE teams (RISO’s, BISO’s, Delivery and Consulting leads), CRCS Pods owners along with the Cybersecurity capability leads/ Product Owners/Value Stream Lead/ Project teams; to deliver clear business benefits around project scope, progress, control uplift maturity, regulatory outcomes and overall benefits in business friendly language.

  • Ensure escalation for CBE and project teams and support with unblocking change delivery/ adoption issues for their respective assigned areas of CBE business and regions. Also provide specialist advice/ business context to the as it pertains to the GB/GF/ Reg.

  • Support the proactive management of risks for delivery, operational and implementation rollout for business/regions within the Cybersecurity Sub-Value Stream (SVS) and Platforms, through coordination and collaboration with capability leads/ Product Owners/ project teams and Portfolio Mgmt. team and CBE teams (RISO’s, BISO’s, Delivery and Consulting leads)

  • Assist the delivery teams and Cybersecurity capability leads/ Product Owners/ project teams in ensuring that the production of work is accounted and planned for as part of portfolio delivery.

  • Communicate with all key stakeholders


  • Good Risk and Controls understanding

  • Knowledge and exposure of Cybersecurity Risk and Control Management

  • Experience of translating difficult IT concepts into business language;

  • Experience with Technology risks and controls related to Cybersecurity

  • Strong programme and project management/ business analysis background

  • Experience of project management principles or have a relevant Project Management qualification (e.g. PRINCE2, Agile);

  • Experience with Project Management Tools (such as Clarity, JIRA)

  • Technical background

  • Excellent cybersecurity knowledge; understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors, inherent/residual risk;

  • Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs);

  • Familiarity with the NIST Cyber Security Framework (CSF);

  • Understanding of regulatory landscape.

  • Strong stakeholder management and communications skills

  • Experience of working at an operational level in international environments;

  • Experience in managing stakeholders;

  • Experience in creating and reviewing executive reports (up to board level);

  • Experience of setting and assuring delivery quality criteria for cybersecurity delivery including strategies, roadmaps, architecture and plans

  • Experience in dealing with senior management, internal/ external audit, business and a wide array of global stakeholders.

  • Team-oriented mentality combined with ability to complete tasks independently to a high quality standard

  • Experience within fast-moving, complex and demanding corporate environments that run large Cybersecurity change programmes/ portfolio of work needing engagement with complex stakeholders across the lifecycle i.e. requirement gathering, development, deployment/ embedding, benefit realisation and feedback.


  • Experience with GRC Tools (such as HELIOS, ServiceNow, Archer)

They offer:
  • Stable job in professional team
  • Interesting path of career in an international organization
  • Private health care, employees’ benefits
  • Flexible working pattern and possibility of home working
  • Casual dress code
  • Cultural exchange

Note: Prepare your CV in English (PDF), fill in the form and apply! 🙂
Please include in your CV the following clause necessary for the recruitment process:

“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the CST Business Enablement Risk Lead  position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”.

Dotcommunity is registered in the Register of Employment Agencies (KRAZ) under number 9904.