Senior Manager Audit - Security
- Be the subject matter expert within the cyber audit team.
- Scope, deliver and enhance audits that test the effectiveness of the bank’s threat detection, response, and security control environments.
- Suitable for a technically strong audit professional with deep offensive security knowledge.
Our people are customer obsessed. They prioritise the needs and satisfaction of the customer above all else. Our mindset fosters innovation and creates strong, lasting customer relationships as we strive to be the most customer centric company in Australia and New Zealand.
In the role of Senior Audit Manager, you will join an Internal Audit team that’s doubling down on winning together.
Each day you will go above and beyond to:
- Assess offensive security controls, threat exposure, and red teaming capabilities across the bank’s technology landscape.
- Drive assurance over the bank’s ability to detect, respond to, and mitigate adversarial threats, while embedding attacker-focused perspectives into audit methodology.
- Lead and deliver a small portfolio of concurrent audits (2-3) within agreed resource and time budgets.
- Assess the design and operating effectiveness of offensive security controls and breach detection capabilities.
- Evaluate vulnerability management practices, including exploitability analysis, patch governance, and remediation tracking. Review application security testing processes, including secure SDLC, DAST/SAST tooling, and code review practices.
- Provide technical guidance in audit planning, risk assessments, and control testing for cyberattack simulation engagements.
- Collaborate with security engineering teams to assess tooling, detection logic, and response automation.
What you’ll bring
- Ability to interact and work with peers successfully with strong communication skills.
- Strong expertise in offensive security practices including penetration testing, red teaming, adversary emulation, and vulnerability exploitation.
- Hands-on experience with tools such as Metasploit, Cobalt Strike, Burp Suite, Nmap, BloodHound, and custom scripting (Python, PowerShell).
- Sound knowledge of security architecture and control design across cloud platforms, networks, endpoints, and identity systems.
- Ability to translate offensive security findings into audit objectives and actionable risk insights.
- Familiarity with APRA CPS 234, ISO 27001, NIST 800-53, and other relevant regulatory frameworks.
- Prior experience in offensive security, penetration testing, red teaming, or adversary simulation, preferably with exposure to internal audit, assurance, or second-line cyber risk functions.
- Demonstrated experience delivering red team or adversary emulation engagements in complex environments (banking/financial services preferred).
We respectfully ask candidates to hold any questions for the phone interview, where we’ll discuss the role in detail and answer any questions. This helps to ensure a focussed, efficient and fair application process. The talent acquisition team looks forward to addressing all inquiries at that time if your application progresses.
A diverse and inclusive workplace works better for everyone
We know that our people make us who we are. That's why we have built a culture of equity and respect – where everyone feels valued and appreciated for being their authentic selves. In partnership with our multiple Employee Resource Groups (ERGs) we continue to foster an inclusive environment, where all NAB colleagues’ unique backgrounds and identities are understood, respected and celebrated.
Join NAB
If you think this role is the right fit for you, we would love to hear from you. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert. Unsolicited CVs from agencies will not be accepted.
Advertised: AUS Eastern Daylight Time