Senior Manager Technology Risk & Controls Enablement

When you join ASX, you’re joining a company with a strong purpose – to power a stronger economic future by enabling a fair and dynamic marketplace for all.

In your new role, you’ll be part of a leading global securities exchange with a strong brand. We are known for being a trusted market operator and an exciting data hub. 

Want to know why we are a great place to work, click on the link to learn more.

www.asx.com.au/about/careers/a-great-place-to-work

The ASX team brings together talented people from a diverse range of disciplines. 

We run critical market infrastructure, with 1 in 3 people employed within technology.  Yet we have a unique complexity of roles across a range of disciplines such as operations, program delivery, financial products, investor engagement, risk and compliance.

We’re proud to foster a workplace where diversity is celebrated and inclusion is part of our everyday culture. Our employee-led networks champion LGBTIQ+ inclusion, promote gender equality, accessibility and wellbeing, inspire giving and volunteering, and celebrate cultural and religious events, creating a sense of belonging for all. As an AWEI Bronze employer and member of the Champions of Change Coalition for gender equality, we’re committed to a fair and inclusive workplace where everyone can thrive.

Key purpose of the role:

Act as the senior Line 1 owner of technology risk enablement and controls for ASX, translating enterprise risk frameworks into a coherent technology risk taxonomy, control environment and assessment approach that supports scalable risk management, assurance and regulatory outcomes.

Your Team

The Technology Risk, Business Management & Strategy function supports the ASX Technology division across technology risk, governance, planning and operating‑rhythm activities. The function enables Technology leaders to manage risk, meet regulatory and assurance expectations, and maintain effective governance and performance disciplines.

Your responsibilities

• Own and lead the Line 1 technology risk and controls enablement capability, determining how enterprise risk & compliance frameworks are translated into practical, scalable and ASX Technology divisional, as well as technology and cyber risk specific approaches.
• Design, evolve and govern the technology and cyber risk ecosystem of taxonomies, metrics, control frameworks, policies and assessment approaches, ensuring they are and remain coherent, usable, aligned to internal and external expectations, and informed by best practice.
• Develop new risk and control approaches where gaps exist, including defining trade-state practices, implementation plans, guidance and transition pathways, in alignment to enterprise risks and compliance, to uplift maturity.
• Own the ITGC library, including maintaining artefacts, facilitating changes, coordinating control rollout and assurance activities.
• Evolve integrated IT system-level risk reporting towards data driven outputs considering risk maturity.
• Provide authoritative Line 1 input into enterprise frameworks, such as risk & compliance as well as criticality tiering methodologies, ensuring divisional as well as technology and cyber risk considerations are accurately reflected and grounded in operational reality.
• Lead the development of guidance, playbooks and education for the division and for technology and cyber risk across the enterprise, lifting understanding and capability so risk and controls are embedded into day-to-day technology delivery and operations.
• Drive continual uplift of the technology risk ecosystem through simplification, standardisation, automation and clear ownership.
• Lead, coach and support a team of risk practitioners in an environment with competing priorities and elevated risk exposure, building autonomy, reducing single-point dependencies, and progressively uplifting risk maturity through practical simplification and standardisation.

Your experience and qualifications

Must have

• Significant experience in technology risk and/or compliance roles (Line 1, Line 2 or Line 3), with the credibility and judgement to operate autonomously in a senior Line 1 leadership capacity.
• Demonstrated ability to translate enterprise risk standards and frameworks into fit-for-purpose technology practices, and to operationalise and embed them consistently across complex environments.
• Strong technology and cyber risk expertise, with sufficient technical depth to engage credibly with SMEs such as engineers and cyber practitioners, and to design practical risk and control approaches grounded in operational reality.
• Proven capability to develop, own and evolve risk and control artefacts (e.g. taxonomies, libraries, assessment approaches), maintaining coherence, usability and scalability as the environment changes.
• Demonstrated ability to exercise sound risk judgement at system level, including determining what good looks like at scale, making trade-offs, incorporating feedback and adapting approaches to enable consistency and usability.
• Strong leadership capability in ambiguous and evolving environments, including structuring work, setting direction, prioritising effort and driving outcomes without reliance on established templates or structures.
• People leadership capability, demonstrated through direct, indirect or matrix leadership, including coaching and developing experienced practitioners and building confidence, judgment and autonomy in others.

Nice to have

• Experience operating in regulated, critical or high-reliability environments, where technology and cyber risk scrutiny is elevated.
• Risk-related certification (CISA, CISSP, etc.) or equivalent professional standing.
• Familiarity with recognised technology and risk frameworks such as NIST, ITIL, COSO.
• Exposure to emerging technology risk areas such as AI, cloud at scale, continuous deployment.

We make hiring decisions based on your skills, capabilities and experience, and how you’ll help us to live our values. We encourage you to apply even if you don’t meet all the criteria of this role.

If you need any adjustments during the application or interview process to help you present your best self, please let us know at [email protected].

At ASX Group, our diverse workforce is essential to build and maintain a fair and dynamic marketplace. We support flexible working and offer hybrid working options. Even if our roles are advertised as full-time, we encourage you to apply if you are interested in part-time or other flexible working arrangements.

We will arrange for successful candidates to have background checks, including reference and police checks, completed as part of the on-boarding process.

To be considered for this position, candidates must be legally authorised to work in Australia on a permanent basis without any restrictions.