Manager, Cyber and Technology Control Assessment

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

Are you interested in transitioning your internal auditing skills toward front-line cyber security and information technology validation? If this is you, come help manage our newly formed cyber security and information technology validation program to put your audit experience towards high-impact risk detection through controls validation and assessment!

Technology Infrastructure and Innovation (TI&I) spans the areas of Technology, Information Security, Deposit Operations, Loan Operations, Project Management, Data Management Office, Corporate Real Estate, Corporate Security, and Risk & Governance. TI&I delivers operational excellence by effectively managing the technology and operations required to run the bank, enables the bank's transformation by focusing on clients, innovating for the future and simplifying operations and supporting the bank's growth objectives through flawless execution of strategic initiatives.

[This role is open to remote/hybrid or on-site work arrangement.]

Job Responsibilities:

• Design, execute, and report on an cybersecurity and technology risk based program for lines of businesses within US TI&I

• Report to the US TI&I Control Assessment Program Director on completion of cybersecurity control design and operating effectiveness

• Assist in the development of cybersecurity and technology control testing portfolios to align requirements from Governance and Regulatory bodies

• Lead, coordinate, and liaise between US TI&I Lines of Business Leaders and other lines of defense

• Collaborate with business units in developing and monitoring corrective action plans when responding to Audit, Compliance, Self-Assessed, or regulatory examination findings

• Assess cybersecurity and technology residual risks based on current vs future control environment to mitigate current and emerging cybersecurity risks

• Identify cybersecurity and technology control design and operating effective gaps, inclusive of ensure remediation plan exists to mitigate known risks

• Maintain awareness of regulatory changes across the industry, analyzing how the changes will affect the line of business, and creating a strategy to implement such changes within US TI&I

Qualifications:

• BS or MS (Risk Management, Business, Finance or similar) or equivalent professional/military experience

• IT risk and control related certifications preferred (e.g. CISA, CISSP, CISM, CRSC, etc.)

• 5-8 years of experience in audit/enterprise/operational risk management/or management consulting, required

• Working knowledge of cybersecurity, technology, operational, compliance and reputation risks

• Comfortable performing ad-hoc statistical analysis using pivot tables, VLOOKUP, complex formulas, and other advanced Excel functions to determine root causes and trends related to testing failures

• Experience with internal audit practices and/or within banking industry is a plus

• Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls a plus

• Strong project management skills, including the ability to adapt to change quickly, multi-task and demonstrate flexibility in prioritization based on requested tasks

• Data analysis and visualization skills using Excel or other analysis software

• Strong oral and written communication skills at all levels of an organization

• Forward thinker, strong drive, and ability to work independently in a team-oriented and fast-paced environment

• Strong working knowledge of regulatory requirements to perform and ensure an appropriate level of testing

California residents — your privacy rights regarding your actual or prospective employment

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

Job Location

IL-70 W Madison St, 8th Fl

Employment Type

Regular

Weekly Hours

40

Skills

Analytical Thinking, Analytical Thinking, Audit Controls, Audit Testing, Control Frameworks, Cybersecurity Assessment, Cybersecurity Controls, Cybersecurity Risk Assessment, Decision Making, Disaster Recovery (DR), Disaster Recovery Planning, Group Problem Solving, Information Technology (IT) Business Strategies, Information Technology (IT) Efficiency, Information Technology (IT) Infrastructure, Information Technology (IT) Services, Information Technology (IT) Solutions, Information Technology (IT) Support, Information Technology Applications, Information Technology Governance, Operational Risks, Operation Risk Management, Recovery Planning, Risk Analytics, Risk Assessments {+ 2 more}