Senior Consultant, Threat Planning


Location: Albury

Job Type: Full time


  • Be supported to grow your career at NAB
  • Bring your ideas, ambitions, and passions – both in and outside of work
  • Work in a collaborative and inclusive team environment

It’s more than a career at NAB. It’s about more opportunity, more moments to make a difference and more focus on you.

Your job is just one part of your life. When you bring your ideas, energy, and hunger for growth to us, you’ll be recognised and rewarded for your contribution in return. You’ll have our support to excel for our customers, deliver positive change for our communities and grow your career a Senior Consultant, Threat Planning.

The role:

The Senior Consultant, Threat Planning is responsible for improving NAB's cyber resilience using the risk scenario / threat attack scenario framework.

The role and day to day will include:

  • Lead and drive threat planning and management capability for the bank - ensuring NAB's cyber security capabilities are commensurate with threat to assets.
  • Implement and manage the Threat-Led Risk Framework - including scenario creation, scenario risk assessment, attack scenario development, countermeasure mapping, and coordinating relevant offensive/table-top testing.
  • Maintain Threat-Led Risk Framework alignment to enterprise risk management processes and Governance Risk and Compliance platform.
  • Embed the cyber risk scenario framework across relevant teams and processes - including Cyber Threat Management, Cyber Detection & Response and other Cyber Security teams.
  • Work with Control / Process / Service Owner to mature their functions and improve mitigation of cyber risk scenarios.
  • Work with Governance Risk & Compliance, Enterprise Controls and Risk teams to ensure the Cyber Security risk profile appropriately reflects cyber threat and controls - including supporting regular cyber risk profiling activities.
  • Produce periodic management reporting on the changing cyber threat landscape and its impact on cyber resilience, controls / countermeasures, and impact on cyber risk profile - including periodic updates and papers to risk committees.
  • Proactively identify gaps in countermeasures and remediate through project and operational mechanisms.
  • Perform targeted research / deep dives on areas of concern.
  • Ensure respective policy, standards, processes and controls meet regulator and compliance expectations.
  • Other activities as required by management.

What you'll bring:

  • 10 + years in cyber risk / cyber defence related role.
  • Knowledge of IT security controls framework (including NIST CSF, NIST 800-53, SCF)

A diverse and inclusive workplace works better for everyone.

At NAB, we’re intent on building a culture we can all be proud of. One based on trust and respect. An uplifting environment where every single one of us feels appreciated and empowered to be our true, authentic selves. A diverse and inclusive workplace where our differences are celebrated, and our contributions are valued. It’s a huge part of what makes NAB such a special place to be.

More focus on you
We are committed to delivering a positive experience for our colleagues and a workplace you can be proud of. We support our colleagues to balance their careers and personal life through flexible working arrangements such as hybrid working and job sharing and competitive financial and lifestyle benefits. We invest in our colleagues through world class development programs (Distinctive Leadership and Career Qualified in Banking), and empower you to learn, grow and pursue exciting career opportunities. For more information, please click here

Join NAB
If you think this role is the right fit for you, we invite you to apply. If you require any reasonable adjustments to the recruitment process or the role, please let the recruitment consultant know.

To be eligible to apply, you must have Australian or New Zealand citizenship or Australian permanent residency status. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert.

Please note unsolicited CVs from agencies will not be accepted.

You’ve got this!