Cyber Security Risk Director

About The Position

Requirements

• Completed University Degree or equivalent experience
• 7+ years of related work experience, in which a subset is practical experience in multiple areas of cyber risk and 5+ years of experience at the management level
• Experience with developing and implementing cybersecurity risk oversight programs in the financial services sector, preferably in a 2nd or 3rd line of defense
• Knowledge of current and evolving regulatory requirements, current trends in cyber threats/vulnerabilities
• Advanced knowledge of cyber risk management best practices and how to implement them
• Experience with risk frameworks and standards such as NIST CSF and ISO 27001
• Demonstrated leadership skills and ability to lead oversight activities across different teams
• A keen sense of risk anticipation with attention to details and ability to challenge status quo
• Ability to build relationships, influencing and negotiating across diverse stakeholders across the lines of defense, including senior management
• Excellent written and oral communication skills
• Understanding of systems architecture
• Excellent analytical, organizational and project management skills.
• Strong risk, process, and control validation and/or assessment skills

Nice To Haves

• Experience in Cybersecurity risk consulting in the financial services sector, Cyber security audit or in a similar second line of defense role is an asset
• Proficiency with the COBIT risk framework is considered advantageous
• Professional Certifications in Cybersecurity, such as CRISC (ISACA), CISM (ISACA), CISA (ISACA), CISSP (ISC²), and CCSP (ISC²)

Responsibilities

• Oversight and accountability of the cyber security risk framework and methodologies, conducting both planned and ad-hoc technical risk reviews, evaluating technology and business initiatives with cyber security implications
• Represent Fidelity Canada on FIL cyber governance committees
• Lead the development of Fidelity Canada’s Cyber Risk Oversight Program
• Design, implement, and maintain a comprehensive cybersecurity risk oversight program supported by well-defined policies that align with enterprise risk appetite, regulatory requirements, and industry standards
• Identify and assess cybersecurity risks and advise business units and Information Security stakeholders on risk issues to ensure awareness and accountability for cybersecurity risks.
• Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the risk profile, while ensuring a sound operational control environment through establishment of effective internal controls.
• Perform review and challenge of first line of defense cyber risk management processes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and communicate risk opinions at various levels of management.
• Advise on remediation strategies of any inconsistencies and gaps identified through independent assessments of key cybersecurity processes.
• Provides second line of defense leadership and subject matter expertise during response to major cyber incidents including cyber-security related privacy events and coordinate second line of defense engagement and response.
• Develop and provide regular reporting to senior management committees across Fidelity .
• Responsible for ownership of relationships with external cyber security risk experts
• Ensure all activities and deliverables achieve their timeliness, quality, and accuracy service levels.

Benefits

• Fidelity Canada is committed to fostering a diverse and inclusive workplace.
• Accommodations are available on request for candidates taking part in the selection process.