Director, US Internal Controls Validation

About The Position

Requirements

• 10 years of relevant work experience in the financial industry.
• Large Financial Institution or Large Foreign Banking Organization second line of defense experience preferred.
• At least 5 years of experience in cybersecurity control testing and/or second line of defense independent effective challenge over first line of defense cybersecurity control testing activities.
• Strong understanding of cybersecurity frameworks (e.g. NIST, ISO 27001) and compliance requirements.
• Bachelor's degree preferably in information systems, computer science, information technology, network security, or cybersecurity.
• Cyber related subject matter expert with a strong understanding of cybersecurity principles and tools.
• Excellent leadership and business planning skills.
• Working knowledge of risk assessment, control concepts and methodologies in an Operational Risk context.
• Excellent analytical, communication (written and verbal) and interpersonal skills.
• Solid understanding of regulatory expectations and leading practices of the financial industry for risk management.

Nice To Haves

• Desired certifications include Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Security Manager (CISM).
• Ability to demonstrate CIBC's core values (i.e., trust, teamwork and accountability).
• Good conceptual thinker and ability to synthesize complex information into clear and precise business solutions.
• Ability to manage multiple projects and/or initiatives simultaneously under tight deadlines.

Responsibilities

• Sustain and enhance the US ICV Program and accompanying artifacts.
• Develop US ICV fiscal year plan and provide reporting on program status.
• Provide independent effective challenge over first line of defense control activities and threat based testing.
• Test first line of defense controls as dictated by the US ICV Program.
• Identify and notify the first line of defense of any control gaps, ineffective controls, or non-adherence to testing requirements.
• Promote a 'controls and operational risk culture'.
• Stay current on regulatory changes and industry leading practices in operational risk.
• Recommend changes to first line of defense to enhance oversight, operational efficiency, and effectiveness.
• Manage internal relationships to promote acceptance and implementation of operational risk programs.

Benefits

• Competitive total rewards package.
• Expected salary range of $170K - $190K based on experience, qualifications, and location.
• Eligibility to participate in the relevant business unit's incentive compensation plan, which may include a discretionary bonus component.
• Full range of benefits including Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans.
• Paid Time Off (including Sick Leave, Parental Leave and Vacation), Holidays and 401(k).
• Special perks reserved for team members.
• Opportunities for growth and development through initiatives like Purpose Day.