True flexibility, meaningful impact, diversity and development – how Australia’s biggest bank is attracting and retaining Cyber talent.
We’re in the midst of a global cybersecurity skills shortage, and the demand for talent isn’t slowing down anytime soon. In this hyper-competitive market, companies must be fast to adapt to the ever-changing expectations of job seekers to provide them a seriously tempting offer (beyond free coffee and ping-pong tables).
CommBank is a household name in Australia, and as the largest bank in the Southern Hemisphere, Cybersecurity is the front line in keeping our customers and communities safe.
But what does CommBank offer Cyber talent? And what keeps our 500+ Cyber team happy and energised? At the forefront of our employee value proposition, we offer our Cyber team a combination of impact & scale in their day-to-day work, true flexibility, a deep focus on diversity & inclusion, and we make their learning & development a priority.
We checked in with some of our people to ask them how these values are lived within the company.
Impact and Scale
“I work in the Cyber Attack & Vulnerability Assessments team, where I lead our Penetration Testers and Offensive Security engineers. We work with all types of data and technologies, depending on the systems that we assess. This extends from our big data clusters to our core banking databases, as well as the customer facing products.
We have over 17 million customers that we’re working to protect, which is why our cyber team has grown to be one of the largest and most advanced in the country. When you think that 40% of all payments across Australia pass through CommBank, our team is working on products and systems that literally impact millions of Australians every day!
The investment CommBank continues to make in our tech teams is significant. They’re investing $6 billion dollars over a 5-year period into our tech and systems. This means there’s a massive variety of technologies we get to work with. CommBank truly cares about security which allows us to dig deep into the technology, and not rush, something often done at organisations where security might not receive enough priority.
This kind of investment in our tech, and support from our senior leadership is important to me. It gives me and my team the encouragement to find new, creative ways to identify security vulnerabilities, and do our best work!”
Jay - Penetration Testing Manager
“I started my role as a General Manager during the middle of the lockdowns across Australia, which meant I didn’t get to meet anyone in person for a few months. This was certainly a unique experience when starting a job, but not unfamiliar to many during that time. I knew CommBank offered flex working options prior to the pandemic; but that time in history has pushed us to re-imagine the way we work.
While many organisations have now returned to their pre-pandemic ways of working, CommBank recognized the value in giving employees the extra flexibility in how, when and where they work.
Within Cyber, we haven’t been prescriptive on which days or the number of days to be in the office. Personally, I’ve left it to individual teams and their managers to coordinate what works for them. However, we encourage teams to get together fairly regularly to remain connected to their colleagues – even when they may be working across different states.
Another benefit of our flexible working setup is that it’s allowed us to draw on a greater talent pool across all of Australia and internationally. We now advertise roles across a wide variety of locations meaning we’re not restricting ourselves by only recruiting from major cities.
Trust is central to our new ways of working, and flexibility will continue to be key going forward. We want to empower our people to do their best work however that may look, and provide flexible options to help them become even more productive.”
Harvey – General Manager CIO Group Security and Engineering
Diversity & Inclusion
“Being relatively new to CommBank, I can only describe the Cyber team as collaborative, inclusive and supportive. It doesn’t matter what your role is, you feel like you’re valued and part of something special. There are no silos in Cyber Security, everyone truly works together and ideas are encouraged and celebrated.
We have a dedicated diversity & inclusion committee where we meet monthly to discuss upcoming events, and how we can create awareness and promote initiatives within our teams. We recently sent volunteers from our Cyber Security team to run a stall at a Girls in Tech event. This initiative focuses on inspiring and encouraging young women to consider pursuing careers in STEM, providing guidance to help them make informed decisions about their future education and career choices.
There’s constant diversity & inclusion initiatives being presented on by colleagues. This has ranged from accessibility awareness, to interactive educational sessions and most recently truth telling of the Stolen Generations as part National Reconciliation Week.
When people see a diverse team, they feel safe and supported to bring their whole selves to work. Personally, I struggled growing up with having pride in myself and being comfortable with my sexual orientation. Working in a diverse team, has invoked that sense of pride and feeling safe to be me.
It’s also important for young people to see that dynamics in the workplace are shifting in a positive way. People’s opportunities are endless because they won’t have that fear of ‘I’m not going to be accepted or good enough because of my ethnicity, my race, my religion, my sexual orientation, my gender’. At the end of the day, being different is the only thing we have in common and it’s this diversity that makes us strong!”
Monique – Change Manager Cyber Delivery
“I lead a team of three exceptional Cyber Security Technical Recruiters that, like me, are passionate about all things Cyber. We engage very closely with our business stakeholders to deeply understand their business, and better source people with the skills they need in the face of a global talent shortage in Cyber.
We’re also developing Programs internally to reskill people with analytical mindsets into Cyber roles that they may not have considered for a career previously. We delivered 10 Reskilling Programs across the Group last year, and are looking to deliver more this year in Cyber.
To take Reskilling to the next level, we recently partnered with UNSW to put a number of our employees through a Cyber Security Fundamentals course at Masters Level. This gives our people a chance to develop an understanding of current Cybersecurity key issues, practices, and trends, with a focus on building a security mindset and advancing their career in Cyber.
Looking to the future, we’re investing in Programs to spark interest in Cyber careers with people at school and university. We’re growing a national pipeline of talent by supporting organisations such as Grok Learning (Programming for students) and a variety of university outreach initiatives.
CommBank has one of the largest Cyber teams in Australia where you can learn from some of the most talented people in the industry. Our people are fully supported in their professional development and internal mobility is encouraged, meaning the development and growth opportunities within CommBank are endless.”
James – Talent Acquisition Manager Cyber