CommBank resurrects CISO role

The Commonwealth Bank has resurrected a dormant chief information security officer role, expanding the remit of former cyber security chief Ben Heyes.

Ben Heyes

The CISO role at CommBank has been vacant since 2011 following the departure of Graham Thomson, who spent three years in the position.

Heyes last month started work as the bank’s new chief information security and trust officer after more than three years as its general manager of cyber security, privacy and operational risk, in which he led CommBank's digital protection group.

He retains his former responsibilities in the new CISO role, and remains within the bank’s enterprise services group, but now has expanded scope over CBA’s privacy function. His specific remit will be nutted out over the coming weeks.

Heyes is a vocal lobbyist for improved information security practices, which has helped increase awareness amongst the Commonwealth Bank’s board and key stakeholders.

His team has prepared playbooks for stakeholders across the business as a result of a growing “thirst” for infosec knowledge, and Heyes recently attributed CommBank’s approach to infosec as feeding into the "trust relationship we have with our customers".

Heyes also played a part in the Government’s decision to announce an impending update to the nation’s six-year old cyber security strategy, after lobbying for the ageing policy to be improved in order to better align with the current threat landscape.

"The longer term projection view for the cyber environment is negative - the threats are increasing, the capability of the people posing those threats is increasing and evolving, and at the same time there’s been lots of media reporting about surveillance programs, and they have an adverse impact on online trust,” Heyes told iTnews at the time of the announcement.

“Those factors threaten to undermine the development of the digital economy."

Clarification: This article initially stated the CISO role was newly created, based on provided information. CommBank has clarified that the role previously existed but has been vacant for several years.