Westpac Banking Corporation has named Richard Heeley as its new chief information officer, plucking the senior technology executive from rival Macquarie Group to lead a sweeping digital transformation that will lean heavily on Microsoft’s cloud, security, and productivity stacks. Announced on June 24, 2026, Heeley will take the reins later this year, succeeding Scott Collar, who is retiring after a seven-year tenure that saw Westpac navigate a pandemic, accelerated digitization, and mounting regulatory demands.
Heeley steps into the role at a critical juncture. Australia’s second-largest bank is in the midst of a multi-year program to modernize core banking systems, migrate workloads to the cloud, and shore up defenses against a relentless wave of cyberattacks targeting financial institutions. His appointment signals that Westpac is betting on deep engineering prowess and a hard-nosed focus on operational resilience—areas where Heeley’s track record at Macquarie, a bank renowned for its technology-forward culture, will prove decisive.
A Macquarie Veteran with a Cyber and Engineering Pedigree
Richard Heeley spent more than a decade at Macquarie Group, most recently serving as its global head of banking and financial services technology. In that role, he oversaw the technology stack powering Macquarie’s retail banking, wealth management, and business banking divisions. He earned a reputation for driving large-scale platform revamps, consolidating legacy systems, and embedding security into every layer of the software delivery lifecycle.
Colleagues describe Heeley as a hands-on leader who still reads code and understands kernel-level security implications. That technical depth is rare at the CIO level and aligns with Westpac’s stated priority of building a “resilience-by-design” culture. His time at Macquarie also exposed him to the rigors of operating under APRA’s CPS 234 information security standard, which demands that regulated entities maintain robust controls over third-party providers—a challenge that will only intensify as Westpac deepens its reliance on Microsoft Azure, Microsoft 365, and the broader Windows ecosystem.
The Microsoft Stack at the Center of Westpac’s Digital Shift
Westpac has been a vocal Microsoft customer for years. The bank runs thousands of workloads on Azure, uses Microsoft 365 for collaboration, and manages a fleet of over 40,000 Windows endpoints. Under Collar, the bank began piloting Windows 11 on test machines in late 2024, and Heeley will inherit a migration timetable that must be completed before Windows 10 reaches end of life in October 2028. That transition is not just a desktop refresh—it’s a security imperative.
Windows 11 brings hardware-rooted security features like TPM 2.0 attestation, virtualization-based security, and hypervisor-protected code integrity (HVCI) that are tailor-made for high-value targets like banks. Heeley’s cyber background suggests he will accelerate the rollout and pair it with Microsoft Defender for Endpoint, Sentinel SIEM, and Azure Active Directory Conditional Access to build a zero-trust architecture. Early moves may include enforcing phishing-resistant multi-factor authentication with Windows Hello for Business and FIDO2 security keys across the entire workforce.
On the engineering side, Westpac is investing in a cloud-native, API-first banking platform code-named “Aurora.” The platform is being built on Azure Kubernetes Service (AKS) using a microservices pattern written primarily in .NET 8 and C#. Heeley’s experience at Macquarie, which has its own advanced cloud-native stack, will be instrumental in maturing Aurora’s DevOps pipelines, embedding policy-as-code with Azure Policy, and ensuring compliance scanning is automated through GitHub Advanced Security for Azure DevOps. Skyrocketing demand for real-time payments and open banking APIs means Heeley must also champion Microsoft’s Power Platform and Azure API Management to expose secure, governed APIs to fintech partners while preventing data leakage.
Cyber Resilience Takes Center Stage
The Australian financial services sector is under siege. In 2023 and 2024, a series of high-profile breaches at companies like Latitude Financial and Medibank—and even a previous incident at Westpac’s subsidiary, BT—put regulators on high alert. APRA’s new CPS 230 operational resilience standard, effective from July 2025, requires banks to identify critical operations, set tolerance levels for disruption, and prove they can recover within acceptable timeframes. Heeley’s mandate is crystal clear: ensure Westpac never makes headlines for the wrong reasons.
This will likely translate into a deeper embrace of Microsoft’s security ecosystem. Azure Firewall, DDoS Protection, and Web Application Firewall will become non-negotiable for internet-facing apps. Sentinel’s AI-driven threat detection, coupled with Microsoft’s threat intelligence feeds, will be tuned to hunt for nation-state actors targeting SWIFT transactions and interbank settlements. Heeley’s team will also need to harden the bank’s extensive network of ATMs, many of which still run on embedded Windows versions nearing end of support. A rapid upgrade to Windows 10 IoT Enterprise LTSC or Windows 11 IoT Enterprise, backed by Azure Arc for centralized patch management, is a likely early win.
Succeeding Scott Collar: A Tough Act to Follow
Scott Collar joined Westpac as deputy CIO in 2018 and was promoted to group CIO in September 2019. His tenure was defined by the bank’s response to COVID-19—which turbocharged online banking adoption—and the messy exit of Westpac’s New Zealand wealth business. Collar drove a 30% reduction in technology run costs while increasing investment in digital channels, and he championed the initial migration of mission-critical workloads to Azure. He also navigated the aftermath of AUSTRAC’s money-laundering scandal, where IT played a role in transaction monitoring.
Heeley inherits a much cleaner slate but with loftier expectations. The bank’s next strategic plan, expected to be unveiled at its 2026 investor day, will almost certainly highlight “digital-first” banking, AI-powered customer experiences, and operational efficiency targets that demand further IT cost containment. Analysts will watch closely to see if Heeley can replicate Macquarie’s trademark agility—the so-called “Red Book” culture of small, autonomous engineering teams—inside a 200-year-old institution with a far more complex regulatory overlay.
The Windows 11 Enterprise Tipping Point
For Windows enthusiasts and IT professionals, Westpac’s CIO change is more than a personnel update. It represents a bellwether for how large regulated enterprises will approach the Windows 11 upgrade cycle. Banks, notoriously conservative, have been slow to move off Windows 10, but the 2028 end-of-support cliff is now only two years away. Heeley’s appointment may fast-track deployment decisions, as cyber-savvy CIOs recognize that staying on an aging OS is an open invitation to ransomware groups.
Westpac’s endpoint environment includes not just desktop PCs but also kiosk-style terminals in branches, trader workstations running Windows 10 Enterprise multi-session via Azure Virtual Desktop, and virtual machines hosted on VMWare and Nutanix clusters—soon to be migrated to Azure Stack HCI. Coordinating a bank-wide upgrade requires airtight application compatibility testing, especially for in-house .NET Framework 4.8 apps and COM-based plug-ins that still anchor parts of the mortgage origination system. Heeley’s engineering DNA should manifest in technologies like Test Base for Microsoft 365 and the Universal Print integration, which eliminates legacy print servers—a long-standing security nightmare.
Banking on AI and Copilot
No modern CIO’s agenda is complete without artificial intelligence. Microsoft’s Copilot stack—including Copilot for Microsoft 365, Copilot for Security, and Copilot for Azure—will be on Heeley’s radar from day one. While banks remain cautious about letting large language models touch customer data, Copilot for Microsoft 365 can already summarize long email threads, draft reports, and auto-generate PowerPoint slides from loan portfolio data without exposing customer PII externally. Copilot for Security, integrated with Sentinel, enables natural-language threat hunting, a capability that could help Westpac’s SOC analysts triage incidents 40% faster, as Microsoft claims for early adopters.
More ambitiously, Heeley could greenlight pilots of Azure OpenAI Service to build internal chatbots that help branch staff answer complex policy questions or assist credit analysts in summarizing financial statements. All such initiatives will require rigorous data labeling and access controls, likely enforced through Azure Information Protection and Microsoft Purview. His Macquarie experience, which included deploying machine learning models for fraud detection on Azure Machine Learning, gives him a head start in separating hype from genuine ROI.
Engineering Culture Overhaul: From Waterfall to DevOps
At Macquarie, Heeley was known for dismantling waterfall-style project delivery in favor of continuous deployment pipelines. Westpac has made progress, but pockets of manual, ITIL-heavy change management persist, especially around mainframe systems that still process overnight batch jobs. Transforming the culture to embrace “you build it, you run it” philosophies, paired with modern observability tooling like Azure Monitor and Application Insights, will be a multi-year endeavor.
This cultural shift will have a direct impact on the Windows ecosystem foot print. Instead of maintaining sprawling, golden-image Windows Server 2019 VMs patched via SCCM, engineering teams will be encouraged to adopt immutable infrastructure principles: Windows containers on AKS, serverless Azure Functions, and PaaS-only SQL databases. The outcome? Fewer patching windows, faster time-to-market, and a dramatically reduced attack surface. It also aligns with Microsoft’s long-term bet on Azure Arc for hybrid management, allowing Westpac to manage on-prem servers alongside cloud resources from a single pane of glass.
Industry Implications and What to Watch
Heeley’s move from Macquarie to Westpac is a notable instance of talent migration within Australia’s financial services technology leadership. It mirrors a broader global trend where banks are hiring CIOs with deep engineering and cyber backgrounds rather than pure business-technology generalists. For the Windows community, it’s a signal that the largest enterprises are doubling down on Microsoft as a strategic platform, not just a vendor.
In the coming months, watch for Westpac to announce expanded Azure capacity agreements, perhaps even an Azure Edge Zone deployment in its Sydney data centers to reduce latency for real-time payment processing. Also, look for job postings seeking engineers proficient in Windows Autopilot, Intune, and Microsoft Graph API—skills that will be essential to the zero-touch device provisioning Heeley is expected to champion. Finally, any move to adopt Azure Active Directory’s (now Entra ID) decentralized identity capabilities for customer authentication could reshape how millions of Australians log into their bank accounts.
Heeley’s success will ultimately be measured in two dimensions: the availability and integrity of Westpac’s digital channels, and the speed at which new features—conceived in Microsoft-hosted dev environments—reach customers. If he can marry Macquarie’s engineering rigor with Westpac’s scale, the bank may finally shed its legacy IT reputation and become a case study for the Windows-centric, cloud-native enterprise.