Sydney Office, Australia
Hybrid
When you join ASX, you’re joining a company with a strong purpose – to power a stronger economic future by enabling a fair and dynamic marketplace for all.
In your new role, you’ll be part of a leading global securities exchange with a strong brand. We are known for being a trusted market operator and an exciting data hub.
Want to know why we are a great place to work, click on the link to learn more.
www.asx.com.au/about/careers/a-great-place-to-work
The ASX team brings together talented people from a diverse range of disciplines.
We run critical market infrastructure, with 1 in 3 people employed within technology. Yet we have a unique complexity of roles across a range of disciplines such as operations, program delivery, financial products, investor engagement, risk and compliance.
We’re proud to foster a workplace where diversity is celebrated and inclusion is part of our everyday culture. Our employee-led networks champion LGBTIQ+ inclusion, promote gender equality, accessibility and wellbeing, inspire giving and volunteering, and celebrate cultural and religious events, creating a sense of belonging for all. As an AWEI Bronze employer and member of the Champions of Change Coalition for gender equality, we’re committed to a fair and inclusive workplace where everyone can thrive.
Your Team
The Technology Risk, Business Management & Strategy function supports the ASX Technology division across technology risk, governance, planning and operating‑rhythm activities. The function enables Technology leaders to manage risk, meet regulatory and assurance expectations, and maintain effective governance and performance disciplines.
Your responsibilities
Execute ASX Technology control assurance activities, including planning and performing testing across systems, platforms and teams in line with enterprise methodologies and requirements.
Assess control design and operating effectiveness with a particular understanding of how controls are implemented in technology environments (e.g. infrastructure, applications, cloud, identity, configuration).
Analyse how controls operate in practice, including dependencies between systems, processes and integration points, identifying gaps and weaknesses beyond documented procedures.
Produce clear and defensible testing outcomes, including documentation of evidence-based results, issues and control effectiveness.
Partner with technology stakeholders such as engineers, service owners and platform teams to understand system configurations, processes and control implementation.
Advise on remediation approaches, ensuring proposed solutions align with control requirements, including those of the IT General Controls (ITGC) library, relevant best practice frameworks and obligations.
Support the identification, tracking and resolution of control deficiencies, working with control or framework owners to ensure remediation actions are practical, effective and sustainable.
Contribute to control assurance reporting and insights, including summarising control effectiveness, key issues and emerging themes for various forums and audiences.
Identify opportunities to streamline or improve assurance activities, including through better use of data, tools, automation, or more efficient approaches.
Partner with stakeholders across Technology, Enterprise Risk, Internal Audit and business functions to enable effective control assurance and embed consistent practices.
Your experience and qualifications
Must have
Demonstrated experience in technology control assurance / IT General Controls testing (or equivalent) including assessing design and operating effectiveness.
Proven ability to build and iterate testing procedures, workpapers, and evidence expectations, including where limited prior artefacts or approaches exist.
Strong understanding of how controls are implemented in technology environments, and ability to work directly with technical stakeholders to understand how they work in practice.
Ability to interpret control objectives and translate them into practical testing and evidence requirements, aligned to standardised control libraries, policy frameworks and relevant industry frameworks and obligations.
Ability to produce clear, structured and defensible outputs, and contribute to reporting and insights on control effectiveness, key issues and emerging themes for governance consumption.
Nice to have
Ability to reduce manual effort through data-driven testing, repeatable evidence capture, and automation, including use of scripts, tooling, automation or system-generated evidence.
Experience testing controls in cloud environments and/or modern engineering and delivery contexts (e.g. CI/CD).
Experience operating in regulated environments.
Experience with developing control assurance approaches or methodologies including scheduling.
Relevant risk or technology-related certification (CISA, CISSP, AWS) or equivalent professional experience.
Familiarity with recognised technology and risk frameworks such as NIST, ITIL, COBIT or COSO.
Experience working across multiple lines of defence.
Nice to have
Ability to reduce manual effort through data-driven testing, repeatable evidence capture, and automation, including use of scripts, tooling, automation or system-generated evidence.
Experience testing controls in cloud environments and/or modern engineering and delivery contexts (e.g. CI/CD).
Experience operating in regulated environments.
Experience with developing control assurance approaches or methodologies including scheduling.
Relevant risk or technology-related certification (CISA, CISSP, AWS) or equivalent professional experience.
Familiarity with recognised technology and risk frameworks such as NIST, ITIL, COBIT or COSO.
Experience working across multiple lines of defence.
We make hiring decisions based on your skills, capabilities and experience, and how you’ll help us to live our values. We encourage you to apply even if you don’t meet all the criteria of this role.
If you need any adjustments during the application or interview process to help you present your best self, please let us know at careers@asx.com.au.
At ASX Group, our diverse workforce is essential to build and maintain a fair and dynamic marketplace. We support flexible working and offer hybrid working options. Even if our roles are advertised as full-time, we encourage you to apply if you are interested in part-time or other flexible working arrangements.
We will arrange for successful candidates to have background checks, including reference and police checks, completed as part of the on-boarding process.
To be considered for this position, candidates must be legally authorised to work in Australia on a permanent basis without any restrictions.