• Define and develop appropriate Technology audit capability within NAB’s Internal Audit tea.
• You’ll join a high-performing Internal Audit business, backing talented individuals who provide a consistent and excellent service across the enterprise.
• Opportunity to bring your Technology knowledge to Internal Audit.

Our people are customer obsessed. They prioritise the needs and satisfaction of the customer above all else.  Our mindset fosters innovation and creates strong, lasting customer relationships as we strive to be the most customer centric company in Australia and New Zealand. 

In the role of Audit Manager, you will join Internal Audit Security team that’s doubling down on moving with speed.

Each day you will go above and beyond to:

• Provide efficient delivery and documentation of quality audit workpapers, including walkthroughs, control identification, control design assessments, and control operating effectiveness testing.
• Plan and deliver Cloud Security audits covering IAM policies, VPCs, security groups, container orchestration platforms (Kubernetes, EKS, AKS) serverless functions, Entra ID and CI/CD pipelines (Harness, Jenkins, GitLAB CI/CD etc.)
• Efficient verification of audit-raised issues within internal SLA targets once the business indicate issues are complete, supported by quality workpapers.
• Build strong working relationships with internal and external stakeholders across different levels of the organisation.
• Be flexible and comfortable working in an agile, fast, and constantly changing environment.
• Hold proficiency in auditing cloud environments and understanding of cloud-native technologies and distributed systems.

What you’ll bring

• Proven experience within Security auditing (Internal Audit) is required.
• Proficiency in DevOps practices, including Continuous Integration and Continuous Deployment (CI/CD) and Infrastructure as Code (IaC), security practices in Terraform, and ARM templates, validates encryption at rest and in transit, and assesses key management systems and secrets management solutions.
• Experience working with common enterprise technology platforms, applications, and solutions, i.e. Microsoft Extra ID, Azure Key Vault, AWS IAM, and GCP IAM.
• Experience in auditing cloud environments, cloud-native technologies, and distributed systems.
• Bachelor’s degree in computer science, Information Technology, or a related field (master’s degree preferred) and will hold a current CISA/CISM/CISSP.
• Industry recognised security certifications such as CCSP, AWS Security – specialty and/or Azure security architect expert (SC-100), DevOps Engineer Expert (AZ-400) preferred.
• Certifications in cloud technologies (e.g., AWS Certified Solutions Architect, Microsoft Certified: Azure Solutions Architect Expert) are highly desirable.

We respectfully ask candidates to hold any questions for the phone interview, where we’ll discuss the role in detail and answer any questions. This helps to ensure a focussed, efficient and fair application process. The talent acquisition team looks forward to addressing all inquiries at that time if your application progresses. 

A diverse and inclusive workplace works better for everyone 

We know that our people make us who we are. That's why we have built a culture of equity and respect – where everyone feels valued and appreciated for being their authentic selves. In partnership with our multiple Employee Resource Groups (ERGs) we continue to foster an inclusive environment, where all NAB colleagues’ unique backgrounds and identities are understood, respected and celebrated. 

We are committed to providing an environment where you can work your way.  

For details on the recruitment process, and accessibility, please visit https://www.nab.com.au/about-us/careers/apply-for-job.  To discuss adjustment requirements, please contact the NAB Careers team, via nab.careers@nab.com.au (please reference job number) or visit our Careers page through the link above for other contact options. 

Join NAB 

If you think this role is the right fit for you, we would love to hear from you. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert. Unsolicited CVs from agencies will not be accepted.