Director, Cyber Resilience & Risk Management
Toronto
Equitable Bank
At Equitable Bank, we specialize in providing branchless financial services that meet the unique needs of all Canadians. Our range of mortgages, savings accounts and investment options are designed to offer the right solutions to match any...
Purpose of the JobThis role is responsible for the directing, planning and organizing the bank’s Cyber Risk Management, Cyber Supply Chain Risk management, Enterprise Cyber Security Controls management and resilience testing capabilities. This role develops and manages processes that manage Cyber risk lifecycle from identification to treatment and monitoring. This role facilitates the communication and presentation of cyber risk information to critical technology and business stakeholders.
Main Activities:
- Overseeing and maturing the bank’s Cyber Resilience Testing program e.g. Red team exercises, cyber threat simulations.
- Develop and oversee approach to measuring effectiveness of EQBank’s Enterprise Cyber Security Controls.
- Manage the process for measuring, tracking and reporting cyber capabilities maturity levels.
- Support Cyber Roadmap and planning processes by analyzing controls, maturity and risk information to identify high priorities for the bank’s cyber security program.
- Develop and manage the Cyber security Policy exception and risk acceptance processes of the bank.
- Oversee the bank’s activities to manage third-party cyber risk exposure, working closely with the 2nd Line of Defense in alignment with the bank’s Third-Party Risk Management framework.
- Develop the bank’s data driven risk reporting medium to technology and business to ensure transparency and risk-informed decision making while also developing means of measuring and reporting on risk appetite breaches.
- Oversee the development and management of the bank’s cyber risk register, ensuring alignment with Enterprise Risk Management and Operational Risk Management practices.
- Develop and maintain IT Asset controls and applicability tools and documentation.
- Manage the methodology and tools to operationalize the bank’s Cyber Measurement practice, providing accurate and timely reports on KRIs and OKRs.
- This role manages people managers and as result provides mentoring and coaching to ensure teams within purview can effectively perform their duties.
- Develops and maintains cyber risk analysis methodology and provides input into prioritized investment in cyber security controls
- develops technical plans and technological roadmaps to address areas of risk in alignment with the corporate, technology and cyber strategic objectives.
- Drive cross-functional collaboration to achieve objectives of the programs in purview.
- Responsible for maintaining the standards, procedures and guidelines for domains under purview.
- Develop and manage measures to ensure effective monitoring control adequacy and compliance for areas under purview
- Developing and Managing means of measured performance of control processes and technologies for areas under purview.
- Provide technical guidance for team and subject matter advise to stakeholders.
Knowledge/Skill Requirements:
- A college diploma or university degree in computer science (or related course) or Industry recognized certifications (e.g. CISSP) with 7 years cyber security experience is required.
- Minimum of 8 years of technical IT experience.
- Minimum of 6 years of Cyber Security experience
- Strong knowledge of cyber security frameworks, controls and practices
- Strong engineering or security architecture knowledge, (prior hands-on technology engineering experience is preferred)
- Good understanding of human risk factors and techniques for managing this risk, including security awareness programs.
- Cyber Risk Quantification and Analysis (Cyber Risk Management). Specific knowledge with FIAR methodology preferred.
- Good knowledge of cyber threats, risks and control design best practices.
- People & resource management
- Strategic and Financial Planning
- Good knowledge of Insider risk management tools and techniques
- Process & capability Management
- Technology Roadmaps
- Ownership & Accountability
- Good documentation skills
- Strong presentation skills
- Business communication of technical topics.
- Good interpersonal skills, with proven track record of developing relationships and communicating conceptual information effectively to individuals unfamiliar with subject material.
- Strong organizational skills: demonstrated ability to manage time and adhere to tight deadlines.
- Confident, personable, credible professional presence.
- Required to use creativity to solve problems, especially in unique or complex situations.
- Requires influence of organizational culture as such requires strong interpersonal skills, competence to draw stakeholder confidence and excellent presentation skills.
- The role involves both routine tasks and complex planning, with strategic importance.
- Ability to adapt to constantly changing technical, regulatory, and compliance environments.
- Analytical mind capable of managing numerous information sources, making decisions, and providing data analysis reports to management.
- Involves analyzing data to make recommendations and find solutions.
Communication Skills:
Job Complexities/Thinking Challenges:
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
2
0
0
Categories:
Architecture Jobs
Compliance Jobs
Leadership Jobs
Tags: CISSP Compliance Computer Science Monitoring OKR Red team Risk analysis Risk management RMF
Perks/benefits: Transparency
Region:
North America
Country:
Canada
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Security Analyst jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsSenior Network Security Engineer jobsSecurity Consultant jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Penetration Tester jobsSecurity Specialist jobsSenior Information Security Analyst jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsSystems Engineer jobsSystems Administrator jobsInformation System Security Officer (ISSO) jobsSenior Product Security Engineer jobsCloud Security Architect jobsIT Security Analyst jobsPrincipal Security Engineer jobsStaff Security Engineer jobsSecurity Operations Analyst jobsCybersecurity Specialist jobs
DevSecOps jobsKubernetes jobsEncryption jobsPowerShell jobsIDS jobsSplunk jobsSaaS jobsEDR jobsSDLC jobsIPS jobsRMF jobsSQL jobsTop Secret jobsIntrusion detection jobsBash jobsCompTIA jobsThreat detection jobsITIL jobsFinance jobsOWASP jobsDoDD 8570 jobsCRISC jobsDocker jobsActive Directory jobsBanking jobs
UNIX jobsTCP/IP jobsVPN jobsGIAC jobsTerraform jobsSANS jobsClearance Required jobsIT infrastructure jobsHIPAA jobsSOX jobsSOC 2 jobsOSCP jobsCISO jobsIndustrial jobsJavaScript jobsCCSP jobsData Analytics jobsDNS jobsSOAR jobsPolygraph jobsJira jobsAnsible jobsMITRE ATT&CK jobsCyber defense jobsGCIH jobs