Job Description The Head of Technology Risk is responsible for establishing and governing TAL’s Technology Risk Management framework, providing independent oversight of the risks arising from the organisation’s technology landscape, digital transformation programs, and data assets. This role ensures that TAL’s technology risk profile is clearly understood, actively managed, and reported within the Board’s approved risk appetite, and that TAL meets its obligations under APRA CPS 230, CPS 234, and CPS 220. This is a critical first-line-of-defence leadership role within the Technology function, working in close partnership with the CIO, the broader Technology Leadership Team, Enterprise Risk, and the CISO to embed a strong risk management culture across all technology domains. The Head of Technology Risk is accountable for ensuring that technology risk is identified, assessed, and governed with rigour and transparency, and for providing the CIO and Board with the assurance needed to make confident, risk-informed decisions about TAL’s technology investment and operations. In this role you will: Own and continuously enhance TAL’s Technology Risk Management framework, ensuring alignment with Enterprise Risk Management and APRA standards across all risk domains (e.g. cyber, cloud, data, AI, change). Lead end-to-end identification, assessment, and monitoring of technology risks, maintaining the Technology Risk Register and escalating material risks to the CIO and relevant committees. Provide independent oversight of compliance with key APRA standards (CPS 230, CPS 234, CPS 220), including control effectiveness, remediation tracking, and regulatory engagement support. Deliver executive-level technology risk reporting, highlighting risk profile, key trends, control performance, and remediation progress against risk appetite. Lead Technology Operational Resilience, including critical operations, tolerance setting, and business continuity/disaster recovery governance and testing. Oversee risk assessment for major technology initiatives (e.g. cloud, AI, transformation), ensuring risks are identified early and managed within appetite before execution. Drive risk appetite, assurance, and culture across Technology, including KRIs, audit remediation, cross-functional alignment (Risk, Compliance, Legal, CISO), psychosocial risk management, and leadership of the Technology Risk team (including FAR obligations).
