Sr. Director, Cyber Threat Exposure Management
Toronto-81 Bay, 19th Floor
CIBC
Bank on your terms with CIBC – whether it’s in person, over the phone or online, CIBC has you covered.We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.
At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.
To learn more about CIBC, please visit CIBC.com
What you'll be doing
As the Sr. Director, Cyber Threat Exposure Management on the Cyber Delivery and Operations team, you’ll work in a fast-paced environment focused on introducing new security services to the bank and maintaining controls to protect the bank against cyber threats. You will lead multiple teams focused on proactive identification, prioritization and reduction of cyber exposures. You’ll create and set the direction for a centralized enterprise cyber threat exposure management program that continuously seeks to improve the effectiveness, efficiency and speed of resolving security vulnerabilities. You’ll foster key relationships with internal partners to guide and drive remediation, ensure scanning and testing controls continually operate with excellence, and design and deliver dashboards and executive reporting to effectively govern and manage remediation activity. You’ll build, streamline and automate processes to support continued growth at scale given the accelerating pace of the cyber and technology landscape.
At CIBC we enable the work environment most optimal for you to thrive in your role. To successfully perform the work, you’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-2 days per week on-site, while other days will be remote..
How you'll succeed
Proactive vulnerability management – Ensure effective and efficient execution of existing security controls that focus on the proactive detection and timely remediation of security exposures. This includes controls such as maintaining a comprehensive view of the organization’s attack surface, vulnerability scanning, security testing and red teaming activities.
Process optimization and change adoption – Develop and continuously improve security exposure identification and reduction practices, with a focus on harmonizing common output and activities across different teams (e.g. vulnerability management, offensive security) such as risk assessment, stakeholder engagement on patching and remediation, and risk and compliance reporting.
Strategic exposure management – Assess intelligence related to threat actors and their motivations and combine this with an understanding of attack surface and controls to effectively evaluate and prioritize risk and develop strategic exposure reduction actions.
Relationship building - Grow your network, deepen relationships, and guide and collaborate with internal threat intelligence, technology and risk functions across the organization to reduce risk by ensuring that exposures are promptly and effectively addressed within established timeframes.
Enhanced reporting and governance – Enhance and maintain metrics and dashboards to measure, track and report on cyber threat exposure management. This will provide various key stakeholders (e.g. Information Security management, Technology teams, Executives) with an ongoing understanding of risk and compliance status and enable prompt escalation and action.
Proactive preparedness – Lead the planning, coordination and execution of various cyber exercises designed to test preparedness in response to cyber events with the participation of cross-functional teams.
Rapid response – Leverage technical expertise, collaboration and strong communication skills to effectively navigate and address complex threat exposure scenarios with urgency
Who you are
You embrace and advocate for change. You continuously evolve your thinking and the way you work in order to deliver your best.
You're passionate about people. You find meaning in relationships and surround yourself with a diverse network of partners. You connect with others through respect and authenticity.
You give meaning to data. You enjoy investigating complex problems and making sense of information. You communicate detailed information in a meaningful way.
You are a caring and accountable leader. You have experience developing and implementing strategic team goals. You have experience coaching employees and inspiring successful team performance.
You can demonstrate experience in vulnerability management and remediation. It’s an asset if you have experience leading teams responsible for attack surface management, vulnerability and patch management, threat intelligence, threat modeling and risk assessments, penetration testing, red teaming, asset management and/or application security.
You look beyond the moment. You know what you do will make a difference today and tomorrow. You look for new opportunities to define what's possible
Values matter to you. You bring your real self to work and you live our values - trust, teamwork, and accountability.
What CIBC Offers
At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.
*Subject to plan and program terms and conditions
What you need to know
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
Job Location
Toronto-81 Bay, 19th FloorEmployment Type
RegularWeekly Hours
37.5Skills
Cybersecurity Strategies, Cyber Threat Prevention, Leadership, Vulnerability Management* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Banking Compliance Governance Offensive security Pentesting Red team Risk assessment Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs