Senior Security Consultant, Cryptographic Service Management
About The Position
As a Senior Consultant, Cryptographic Service Management, you will join CIBC's Information Security department to play a critical role in shaping and evolving the enterprise-wide cryptographic strategy. This position focuses on ensuring the security and resilience of CIBC’s cryptographic services, including Hardware Security Modules (HSMs), key management, x.509 certificates, Public Key Infrastructure (PKI), cryptographic standards, and preparing for the Post-Quantum Cryptography (PQC) era. Your work will directly contribute to protecting Our Bank, Our Clients, and Our Employees by embedding security into the lifecycle of applications and data across the enterprise. You will act as a liaison between technology and business teams, serving as a subject matter expert (SME) for all things cryptography. You will also provide strategic insights, report on service performance using Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), and ensure the department’s cryptographic services align with enterprise goals and industry best practices.
Requirements
- Senior-level experience in cryptographic security concepts.
- Implemented cryptographic solutions and methodologies to ensure the secure design of applications and the protection of sensitive data.
- Key contributor to, or have led, cryptographic security initiatives such as encryption of data (at rest, in transit, and in use), as well as key management and cryptographic controls.
- Strong understanding of data governance, data privacy, and regulatory requirements related to cryptography.
- Passion for cryptographic security, vulnerability management, and adherence to industry cryptographic standards and best practices.
- Ability to identify needs and contribute to governance initiatives by bringing expertise gained in the Cryptography field around practical security governance, in the development of CIBC policies, standards, procedures, and guidelines.
- Technical expertise in support of all activities, processes, procedures and tools related to cryptographic services.
- Experience with key and certificate management systems, protocols, processes as well as cryptographic hardware such as Hardware Security Modules (HSMs).
- Certified professional with current accreditation and good standing CISSP, CISA, or CISM designation.
- Degree/diploma in Computer Science, Engineering, or a related field.
- Ability to influence outcomes by sharing expertise.
- Strong critical thinking skills.
- Values matter to you; bring your real self to work, and live CIBC values - trust, teamwork, and accountability.
- Criminal record check will need to be completed at least annually for the purpose of enhanced screening.
Nice To Haves
- Preparing for the Post-Quantum Cryptography (PQC) era.
Responsibilities
- Manage and oversee the development and maintenance of strategic roadmaps for the domain of Data Security, leveraging deep knowledge of cryptographic technologies, including HSMs, key management, x.509 certificates, PKI, and cryptographic standards.
- Collaborate with various stakeholders to gather requirements, develop business cases, and lead subsequent projects (including POCs) to support the strategy.
- Maintain a continuous improvement mindset, evaluating and implementing new cryptographic technologies such as Post-Quantum Cryptography to address emerging threats and enhance the security of the domain.
- Provide guidance on the secure design, implementation, and operation of cryptographic services across the enterprise.
- Direct the review, development, testing, and implementation of cryptographic security plans, products, and control techniques.
- Build and present documentation to executive management and leadership teams, effectively conveying complex cryptographic concepts, strategies, and the benefits of proposed security programs.
- Provide awareness and training to application development teams on cryptographic services, data protection, and industry best practices.
- Assess business needs against potential risks and communicate recommendations to enhance the organization’s information security landscape.
- Demonstrate exceptional collaboration and stakeholder management skills to drive alignment across diverse teams.
- Act as a trusted advisor within the broader team, influencing application development, operational, and infrastructure teams to integrate cryptographic security controls into their design, and product delivery.
- Stay abreast of the latest threat landscape, proactively assessing emerging threats and their impact on organizational security posture.
- Maintain relationships with peers from other banks and manage vendor relationships for security services and tools within the Cryptographic Services domain.
- Define and report on KPIs and KRIs to measure cryptographic service performance and risk.
- Apply strong problem-solving skills to analyze complex security challenges and propose effective solutions.
- Demonstrate a thorough understanding of enterprise security frameworks, data protection, risk management principles, and regulatory requirements and industry standards related to cryptographic security.
- Act as a security ambassador, advocating for cryptographic best practices and influencing infrastructure and application design activities.
Benefits
- Competitive salary
- Incentive pay
- Banking benefits
- Benefits program
- Defined benefit pension plan
- Employee share purchase plan
- Vacation offering
- Wellbeing support
- MomentMakers, our social, points-based recognition program
- Purpose Day; a paid day off dedicated for you to use to invest in your growth and development
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
