Technology Governance & Risk Lead

AFCA

Company Description

Fairness feels good

Make a real impact at AFCA. Where fairness drives every decision. Help us deliver world-class, independent complaints resolution for Australians. As a not-for-profit and progressive financial ombudsman, we’re championing positive change. Achieving our purpose takes progressive thinking, accountability and resilience. At AFCA, our inclusive leadership values every voice. We offer our people flexible work options, thoughtful benefits and opportunities to deepen expertise. Flourish in a diverse, caring culture. Feel the difference of belonging to an organisation intentionally designed to put people first.

We’re seeking a Technology Governance & Risk Lead to play a critical leadership role in shaping and maturing AFCA’s technology and cyber risk management frameworks.

Reporting to the Head of Cyber Security & Risk, you’ll act as a trusted advisor across Technology and Enterprise Risk, ensuring our platforms, data and transformation programs operate securely within an evolving regulatory landscape.

You’ll bridge governance and delivery—embedding risk-aware practices that support both strong compliance and modern engineering velocity.

In this role you will:

  • Define and own the end‑to‑end solution architecture for the Digital Experience Platform, including website, digital applications, integration and supporting services.
  • Translate customer experience and business requirements into practical, implementable architectures aligned to enterprise standards.
  • Lead architecture design across digital channels, content management, workflow, integration, data and security layers.
  • Work closely with Delivery Leads, Product Owners and business stakeholders to ensure architectural decisions support delivery outcomes and customer journeys.
  • Provide hands‑on architectural guidance to delivery teams, including solution design, patterns, and trade‑off decisions.
  • Ensure solutions meet security, privacy, risk and regulatory requirements in a financial services or regulated context.
  • Collaborate with vendors, system integrators and partners to ensure solution designs align to target architecture and agreed standards.
  • Identify and manage architectural risks, technical debt and dependency impacts across the program.
  • Contribute to the evolution of enterprise and digital architecture standards, patterns and roadmaps.

Qualifications

You’re a strategic and commercially aware cyber risk professional who can translate complexity into clear, actionable insights.

You’ll bring:

  • Extensive experience directing comprehensive threat evaluations and diagnosing sophisticated cyber security risks within highly regulated financial services or digital platform environments.
  • Deep operational understanding of sovereign compliance and threat mitigation frameworks, including the ASD Information Security Manual (ISM) and Essential Eight, and relevant ASIC obligations.
  • Demonstrated capability to evaluate control effectiveness and map technical workflows against tier-one frameworks, specifically ISM/NIST CSF 2.0, ISO/IEC 27001, the Australian Privacy Principles (APPs), and expectations under APRA CPS 230 and CPS 234.
  • Practical knowledge of identifying structural risks associated with advanced analytics, model integrity, and emerging automated tools, ensuring alignment with sovereign AI safety guidance and data security standards.
  • Proven track record of architecting, managing, and continuously monitoring dynamic registers dedicated to capturing information security vulnerabilities and complex supply chain risks.
  • Elite professional writing and presentation skills, with a focus on translating complex technical vulnerabilities into clear, high-level risk reports for senior management, risk committees, and external compliance partners.
  • Expert ability to draft, modernise, and regularly evaluate enterprise-wide technology guidelines, internal security standards, and governance policies to match changing organisational profiles.
  • Extensive background acting as a trusted internal advisor to product and infrastructure teams, providing practical mitigation strategies that protect sensitive architectures without halting delivery momentum.
  • Hands-on experience collaborating across diverse business segments to establish robust data classification, handling protocols, and protective measures for dense repositories of highly sensitive member data and consumer PII.

Additional Information

  • Silver AWEI Accreditation 2025 – Recognised for LGBTQ+ workplace inclusion.
  • Accredited Family Friendly Workplace – Supporting work-life balance and inclusivity.
  • Hybrid working – Flexible arrangements with two days a week in our modern offices designed for collaboration and wellbeing.
  • Additional and inclusive leave options – Flexible public holidays, gender affirmation leave, women’s health leave, and bonus paid time off over the end of year holiday period.

To apply

If you’re passionate about fairness and believe your skills align with this role, we encourage you to apply even if you don’t meet every single criterion.

We welcome applications from people of all backgrounds, cultures, abilities, sexual orientations, and gender identities. If you require any accessibility support during the recruitment process, please reach out to our team at [email protected].

We believe fairness starts with people. That’s why we don’t use AI or automated tools to screen candidates. As a result, our processes may take a little longer, and we thank you for your patience.

About AFCA

The Australian Financial Complaints Authority (AFCA) was established in 2018 as a private not-for-profit ombudsman service providing free, fair and independent help with financial disputes. The original team has grown to over 1600 dedicated professionals. Since 2018, AFCA has received more than 634,000 complaints, helping to secure $2.1 billion in compensation for consumers.

AFCA is a 2026 Circle Back Initiative Employer - we are committed to responding to every applicant.
