Senior Analyst, Operational Risk

The role

The Senior Analyst is responsible for supporting APRA’s Divisions to effectively manage technology and data risks and embed the desired risk culture by operationalising APRA’s risk management, compliance, and resilience frameworks. 

The role is responsible for contributing to elevating APRA’s technology and data risk awareness, promoting good risk management practices and governance, enabling organizational continuity, and establishing mechanisms that enable Management to achieve compliance with mandatory obligations.

The team

The Operational Risk Team operates within the Chief Risk Office and reports to the Chief Risk Officer. The Chief Risk Office is responsible for maintaining and operationalising APRA’s risk management, compliance, and resilience frameworks, providing a holistic view of APRA’s risk profile, driving actions to mitigate risks, and embedding of the desired risk behaviours and culture. 

Key responsibilities

• Contribute to the improvement and operationalisation of APRA’s risk management, compliance, fraud, and business continuity policies and frameworks;

•  Lead enterprise-wide risk assessments focused on technology assets, infrastructure, applications, platforms, and data management practices;

• Identify technology and data risks arising from new projects, system changes, third-party engagements, cloud adoption, and emerging digital trends (e.g., AI, machine learning, automation);

• Evaluate adequacy of existing controls to mitigate technology and data risks, proposing enhancements where necessary;

• Engage broadly across APRA to establish an up to date and accurate view of key risks and the effectiveness of mitigating actions;

• Support actions that embed (and continuously evolve) APRA’s risk culture;

• Communicate the teams’ purpose and function under APRA’s strategy;

• Contribute to an open culture within the business unit, where divergent views are shared and respected; and

• Awareness of APRA’s organisational dynamics and use this effectively in managing internal relationships and engaging stakeholders.

About you

• Working knowledge of risk management concepts and practices;

• Ability to identify risks and provide practical business relevant recommendations and solutions;

• Demonstrated understanding of technology risk, cyber security, data management, and associated regulatory frameworks;

• Demonstrated experience in building relationships and influencing stakeholders;

• Demonstrated ability to communicate concisely (written and verbal) and within context (materiality) to influence decision-making;

• Demonstrated ability to work with ambiguity and take steps to decipher the problem and formulate a path forward;

• Demonstrates ownership and accountability of assigned tasks, and pivoting as required to deliver on the desired outcome;

• Scans a breadth of sources to identify and raise emerging trends. Can distil information appropriately for different audiences;

• Strong personal integrity; and

• Ability to establish and maintain sound working relationships with peers, team members and external stakeholders in a professional team environment.

To work with us, you need to be an Australian citizen with eligibility to gain a Baseline Security clearance.

About APRA

The Australian Prudential Regulation Authority (APRA) places you at the heart of Australia’s financial services industry. APRA serves the Australian community by helping ensure financial institutions deliver on the financial commitments they make, within a stable, efficient and competitive financial system.

At APRA we’re committed to providing an inclusive workplace where everyone belongs, feels valued and respected. We aspire to attract and foster diversity of background, thought, and experience, recognising that a broad range of perspectives, approaches and ideas makes us stronger, and better enables us to meet our obligation to protect the financial wellbeing of the Australian community. When applying, please inform us of any adjustments you may need during the interview process.