Manager, Cybersecurity & Technology Control Assessment

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

Technology Infrastructure and Innovation (TI&I) spans the areas of Technology, Information Security, Deposit Operations, Loan Operations, Project Management, Data Management Office, Corporate Real Estate, Corporate Security, and Risk & Governance. TI&I delivers operational excellence by effectively managing the technology and operations required to run the bank, enables the bank's transformation by focusing on clients, innovating for the future and simplifying operations and supporting the bank's growth objectives through flawless execution of strategic initiatives.

Governance and Oversight is a First Line control group within the Three Lines of Defense model. As a first line control group, we empower CIBC’s Control Framework, which sets out the objectives for the design of the internal control environment aligned to the Risk Appetite Statement (RAS). We serve the Bank’s strategy to deliver a superior client experience through the stewardship of sustained and effective risk discipline. US TI&I Governance & Oversight enables the Bank’s strategic mandate to maintain financial strength and risk discipline while advancing our purpose-driven culture. We collaborate with the strategic Business Units and work across Functional Groups to grow our business resiliency and value while managing risk. In addition, we steward the processes for assessing the design and operating effectiveness of the internal control environment, and we strengthen the CIBC Risk Management Framework with related policies and processes. 

What You’ll Be Doing

As the Manager, Cybersecurity & Technology Control Assessment you will independently conduct control testing, providing assessment, consulting, and reporting on operational risk and controls involving people, technology, processes or external events that arise from audit and control testing​. Independently understand and follow the qualitative and quantitative components of our Risk Appetite Statements. You escalate matters through one of the appropriate channels identified in the CIBC Code of Conduct (i.e., HR, management, Ethics Hotline, Whistleblower, etc.) upon observing activities that may be inconsistent with CIBC’s policies, frameworks, guidelines, processes and controls. Speaking up if witnessing behaviors that drive poor or unfair outcomes for clients, team members or other stakeholders and escalating matters that can result in adverse market practices and outcomes, thereby negatively impacting CIBC’s reputation as a leading financial institution. You work closely with the Sr. Managers and/or Program Director of the US TII Control Assessment Program on completion of cybersecurity on cybersecurity and information technology control design and operating effectiveness testing. Additionally, you independently assist in the development of cybersecurity control testing program to align requirements from Governance and Regulatory bodies and maintain awareness of regulatory changes across the industry, analyzing how the changes will affect the line of business, and creating a strategy to implement such changes within US TI&I 

At CIBC we enable the work environment most optimal for you to thrive in your role. Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview.

How You’ll Succeed

• Risk Management – Leverage you technology and cyber security risk management expertise to share your knowledge by introducing ideas to the organization to continuously maintain an acceptable risk posture that is aligned with the industry peers, regulatory requirements and CIBC’s risk appetite.

• Understand Requirements – Conduct analysis of processes and functional requirements to provide proactive advice and guidance to internal stakeholders to ensure that the requirements and work packages are appropriately defined and completed.

• Time and Project Management – Leverage your strong project management skills to proactively manage timelines by keeping direct managers and internal client informed of predicted/ preliminary results and proactively communicate reasonable estimated time to completion by avoiding working up to the last minute for every task or adding burden to direct manager or the rest of the organization.

• Internal Client Engagement – Meet with internal clients to understand their priorities and advise them on technology and cybersecurity risk management solutions. Use your knowledge of cybersecurity and technology to protect the organization by providing proactive advisory services to the technology and cybersecurity teams in deploying risk management measures and in remediating known issues.

• Communication – Exhibit strong verbal and written communication skills. You will communicate effectively with internal and external teams, and different lines of business.

• Relationship Management – You’ll create trusted advisory relationships with all partners cross risk management function across all lines of defense, inclusive of Operational Risk Management, Internal Audit, Enterprise counterparts, and control assessment teams.

• Collaboration –  Engaging with cross functional teams across all three lines of defense to foster open communication, value diverse perspectives, ensuring that all voices are heard, and contributing to shared success. You will  build trust within the team, encouraging a supportive environment that enhances creativity and problem-solving.

Who You Are

• You have a degree/diploma in accounting, cybersecurity, technology, finance or a related field. Minimum of 5-7 years of experience in technology or cybersecurity front-line testing/ audit/enterprise/operational risk management/or management consulting coupled with professional certification in Technology Risk, Cybersecurity Risk and audit related certifications (e.g. CISA, CISSP, CISM, CRSC, etc).

• You demonstrate experience conducting or managing Internal and External audits, understanding audit methodologies and standards (e.g., IIA Standards, ISACA guidelines). You are aware of and possess experience in applying new technologies such as robotic process automation (RPA) and AI to enhance control testing. You are experienced in designing and executing control testing plans, including walkthroughs, sampling, and substantive testing and possess an experience with both manual and automated testing techniques.  You also have an experience in creating process flow at optimal levels to provide concise depiction of current and future state in order to identify and convey applicable risks and controls. You’re creative, resourceful and tenacious, and have the ability to clearly depict information that can be communicated and presented in the most engaging and meaningful way. Additionally, you have worked independently and have experience in working in cross-functional teams where you have successfully influence without authority across all levels of the organization.

• You put our internal clients first. You engage with purpose to find the right solutions. You go the extra mile, because it's the right thing to do. You ensure all critical deadlines are met without adding unnecessary steps or burden to the process that would impact internal clients negatively.

• You embrace and champion change. You’re flexible and can pivot easily. You'll continuously evolve your thinking and the way you work in order to deliver your best. You’re an idea generator who can execute on those ideas and lead cross-functional teams toward the finish line.

• You are a strong communicator. Strong interpersonal, communication (oral and written) and problem-solving skills, including effective engagement with senior leaders of the organization.

• You give meaning to data. You enjoy investigating problems and making sense of information. You support the department and the organization by accurately comprehending data and data sources in order to provide the most meaningful analysis, inclusive of understanding how to work with unstructured date or the need to append additional data to existing data extract from source system.

California residents — your privacy rights regarding your actual or prospective employment

At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $112,500 - $130,000 for the market based on experience, qualifications, and location of the position. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employee’s needs; including Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans, Paid Time Off (including Sick Leave, Parental Leave and Vacation), Holidays and 401(k), in addition to other special perks reserved for our team members.

#LI-TA

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

• We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

IL-70 W Madison St, 10th Fl

Employment Type

Regular

Weekly Hours

40

Skills

Analytical Thinking, Control Frameworks, Decision Making, Group Problem Solving, Operation Risk Management, Risk Analytics, Risk Assessments, Risk Governance