Sr. Consultant, Information Security - Open Banking

About The Position

Requirements

• Experience in Information Security Risk Management, Threat-risk assessments, Vulnerability & Penetration testing, and Threat modelling.
• Familiarity with emerging technologies, cloud computing platforms (such as Azure and AWS), exposure to agile development processes.
• Hold or be pursuing a security certification such as CISSP, CISM, or CISA.
• Passion for people, building strong relationships and collaborating with a diverse network of partners.
• Ability to build trust through respect and authenticity, recognized as a trusted advisor to both business and technology leaders.
• Embrace and advocate for change, continuously evolving thinking and approach, adapting to new challenges and driving secure innovation across the organization.
• Digitally savvy, seeking out innovative solutions, embracing evolving technologies, and easily adapting to new tools and industry trends.
• Technical proficiency spans secure-by-design principles, cloud security architectures, API security, and threat modeling methodologies.
• Ability to inspire outcomes by sharing expertise, translating technical risks into meaningful business context, and influencing stakeholders without direct authority.
• Enjoy investigating complex problems, making sense of information, and communicating detailed findings in a clear and compelling way to drive actionable security recommendations.
• Bring your real self to work and live values – trust, teamwork and accountability.

Responsibilities

• Partner with business lines, technology teams, and ecosystem participants to provide guidance and support on cybersecurity risks and current trends within Open Banking and financial data ecosystems.
• Proactively identify risks associated with data sharing, API integrations, authentication, and consent flows, presenting practical and achievable recommendations.
• Establish trust and credibility as a strategic advisor across the organization.
• Review and interpret requirements documentation, architecture diagrams, and solution designs to determine the feasibility and security risk of projects within the Open Banking ecosystem.
• Conduct comprehensive threat modeling using methodologies such as STRIDE, MITRE ATT&CK, and attack trees, providing actionable security recommendations and advisory support to stakeholders, ensuring alignment with CIBC’s security objectives.
• Lead cybersecurity risk assessments across banks, fintechs, third-party providers, and shared infrastructure.
• Execute detailed threat risk assessments, coordinate penetration testing, and report on findings.
• Assess API security, consumer consent mechanisms, identity and authentication flows, and central registry infrastructure.
• Support the accreditation and security evaluation of third-party ecosystem participants and vendors, recommending new controls to mitigate emerging risks.
• Create and present risk reports and recommendations to executive management, translating technical risks into meaningful business context.
• Develop and deliver learning and training materials to peers and junior advisory team members, and provide feedback on the design and implementation of security assessment processes.
• Proactively identify opportunities to enhance existing security processes, tools, and frameworks.
• Recommend and implement improvements that strengthen CIBC’s cybersecurity posture.
• Foster a culture of collaboration by sharing expertise and insights across teams.
• Mentor peers and junior advisory members, contribute to cross-functional initiatives, and help build organizational awareness of cybersecurity risks and solutions.

Benefits

• Competitive salary
• Incentive pay
• Banking benefits
• Benefits program
• Defined benefit pension plan
• Employee share purchase plan
• Vacation offering
• Wellbeing support
• MomentMakers, our social, points-based recognition program
• Purpose Day; a paid day off dedicated for you to use to invest in your growth and development