Senior Analyst, Cyber Security and IT Risk Management, Global Security

330 FRONT ST W:TORONTO, Canada

Apply now Apply later

Job Summary

Job Description

What Is The Opportunity?

RBC’s Global IT Risk (GITR) function enables the protection of RBC's brand, systems, and operations by equipping the business and technology partners with meaningful insights, actionable advice, and information on RBC IT & Cyber risks. Join our dynamic team as a “Senior Analyst - Cyber Security, and IT Risk Management”, where you will play a pivotal role in advancing our organization's technology, risk, security, and operations landscape. You will execute risk-based control testing activities, independently evaluating the design, implementation, and operating effectiveness of these controls to enhance our first line of defense (1LOD). This role is essential in supporting the identification and mitigation of operational, IT, and regulatory risks. As a result of work performed as part of this role, you will greatly contribute towards the implementation of enterprise-wide initiatives aimed at improving technology operations risk management practices. Your expertise will be crucial in driving change and overall improvement across the organization’s approach to IT and Cyber risk. This is an advanced senior position, offering opportunities to work across the organization, functions, and make a significant impact.

What Will You Do?

  • Internal Control Testing: Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.

  • Execute Control Testing: Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices. Responsible for executing Control Assessments (i.e., Testing) of Technology and Operation’s [T&O’s] first line Key Controls across various domains (including Cyber security, Cloud Operations, Service and Capacity management, Network Operations). May act as designated lead tester/reviewer of control testing engagements.

  • Conduct Concurrent Control Testing Engagements: Collaborate internally and externally across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines. Identify potential issues, conflicts, and risks, and escalating as necessary.

  • Control Testing Reporting: Analyze, aggregate, and articulate the results, issues, and recommendations related to control testing activities or other control monitoring activities and regulatory exams.

  • Stakeholder Collaboration: Establish and maintain strong working relationships across business units and platforms. Collaborate with various groups to define and achieve deliverables, acting as a trusted advisor on control documentation and testing. Collaborate and liaise with 2LOD and 3LOD (Internal Audit) when required.

  • Control Deficiency Management: Coordinate with stakeholders to log, manage, and track control deficiencies. Assess remediation plans to ensure they are designed to effectively reduce risk and verify that corrective actions are implemented according to plan.

  • Subject Matter Expertise: Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards.

  • Stay Informed: Maintain a thorough understanding of external technology and cybersecurity trends, emerging technologies, and internal technology and cyber risk management approaches. Collaborate with other teams on IT risk-related initiatives to provide guidance and ensure the organization's risk posture aligns with its overall risk appetite. Maintain thorough understanding of organization's governing policies and standards, IT control testing methodologies, and related regulatory and compliance standards.

What You Need to Succeed?

Must have:

  • Educational Background & Certifications: Degree in Computer Science, Engineering, or a related field is required. Either CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Security Auditor), or CISSP (Certified Information Systems Security Professional) is preferred.

  • Experience: Minimum of 3 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance. Ideally, within the financial services industry, a public accounting firm, or a financial institutions regulator.

  • Technical Proficiency: A strong understanding of technology and cyber risk management is crucial. Experience with IT risk management practices is highly valued.

  • Project Management & Organizational Skills: Strong organizational, project management, and time management capabilities are essential. You must be deadline-driven and results-oriented, able to consistently meet high-quality standards while managing multiple tasks and deadlines.

  • Communication Skills: Demonstrated excellence in both written and oral communication is a must. You should be proficient in effectively and timely communicating with stakeholders, understanding their information and communication needs, and presenting information clearly and persuasively.

  • Analytical Thinking: Strong analytical and rational thinking, supported by solid writing skills are essential for documenting and communicating test work effectively. You should be able to grasp stakeholder expectations and align your communication accordingly.

  • Industry Insight: An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role.

Nice-to-have:

  • A strong understanding of financial services industry and experience with Compliance and Industry framework such as ISO27001, NIST 800-53, NIST CSF, NIST 800-171, COBiT etc.

  • Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.

  • Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.

  • Working experience in cybersecurity and/or IT risk management spaces.

  • Big Four (4) IT risk consulting and/or audit experience.

What's In It For You?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

  • A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.

  • Leaders who support your development through coaching and managing opportunities

  • Ability to make a difference and lasting impact.

  • Work in a dynamic, collaborative, progressive, and high-performing team

  • A world-class training program in financial services

  • Flexible work/life balance options.

  • Opportunities to do challenging work.

#LI-Hybrid

#LI-POST

Job Skills

Confidentiality, Cyber Security Management, Decision Making, Detail-Oriented, Encryption Software, Group Problem Solving, High Impact Communication, Information Security Management, Information Technology Security

Additional Job Details

Address:

330 FRONT ST W:TORONTO

City:

TORONTO

Country:

Canada

Work hours/week:

37.5

Employment Type:

Full time

Platform:

TECHNOLOGY AND OPERATIONS

Job Type:

Regular

Pay Type:

Salaried

Posted Date:

2024-12-05

Application Deadline:

2025-01-04

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we embrace diversity and inclusion for innovation and growth. We are committed to building inclusive teams and an equitable workplace for our employees to bring their true selves to work. We are taking actions to tackle issues of inequity and systemic bias to support our diverse talent, clients and communities.
​​​​​​​
We also strive to provide an accessible candidate experience for our prospective employees with different abilities. Please let us know if you need any accommodations during the recruitment process.

Join our Talent Community

Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.

Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0

Tags: CISA CISSP Cloud COBIT Compliance Computer Science CRISC Encryption ISO 27001 Monitoring NetOps NIST NIST 800-53 Risk management

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Team events

Region: North America
Country: Canada

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.