Senior Manager, Cyber Risk Assessments
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.
At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.
To learn more about CIBC, please visit CIBC.com
What You'll Be Doing
As Senior Manager, Cyber Risk Assessments (2nd Line of Defense), you will oversee enterprise-wide identification, measurement, mitigation and reporting of cyber risk in line with CIBC’s risk appetite and regulatory expectations. You’ll collaborate closely with technology, information security and business-risk partners to deliver a consistent, integrated approach to cyber risk management, while championing a transparent, inclusive, and high-performing culture. The role also calls for strong interpersonal communication, critical thinking and problem-solving skills to present conclusions to senior audiences, the ability to leverage enterprise AI tools to improve internal processes and drive optimization, and keeping abreast of the latest security threats and industry trends.
CIBC enables a flexible work environment where you can thrive, with a hybrid arrangement of 2–3 days per week on-site and the remainder remote, to be discussed during your interview.
How You'll Succeed
Risk Management & Portfolio oversight: Operate within a matrix team environment, reviewing cyber risk assessments, controls, deficiencies, metrics, and other relevant information to form an independent view of cyber risks, effectively challenging risk levels and treatment approaches. Execute operational risk program mandates using established operational risk tools and processes, including 2nd LoD assessments of business line change initiatives, risk and control self-assessments, scenario analysis, cyber incident management, as well as security testing activities performed by the 1st LoD (e.g., Threat Risk Assessments, Penetration Testing, Application Security Code scans) driving appropriate risk treatment for material cyber risks identified, and drive continuous improvement in risk management methodologies. Manage the centralized risk-tracking tool and ensure documentation for assessments performed is complete and consistent. Produce portfolio-level insights for senior leadership and governance committees.
Technical & Analytical Expertise: Bring credibility and influence by leveraging your broad technology experience and deep expertise in areas such as cloud, network, cybersecurity, DevOps, AI etc. to assess and challenge cyber risks and controls across business lines.
Advisory & Continuous Improvement: Stay current on emerging threats and industry best practices, advising business lines and enhancing operational risk methodologies.
Collaboration & Relationship Building: Leverage effective communication and people skills to build and sustain trusted internal relationships, positioning yourself as a valued partner who provides sound risk guidance and demonstrates a deep understanding of both the business and technology environments. Collaborate closely with information security, technology, risk, and business partners to ensure a consistent and integrated approach to risk management.
Educational Support & Risk Culture: Promote a culture of cyber risk awareness, ensuring operational risk policies, processes, and continuous improvement initiatives are effectively communicated.
Who You Are
You bring broad expertise in cyber and technology risk, demonstrating experience across cybersecurity and technology domains, associated industry frameworks and regulations.
You are a collaborative partner and effective communicator, building strong working relationships and collaborating with diverse stakeholders in a dynamic, fast-paced environment to drive integrated and consistent risk management.
You possess technical acumen and a continuous improvement mindset in areas such as cloud, Agile/DevOps, APIs/microservices, automation, and big data technology. Industry-recognized certifications (e.g., CISSP, CISM) are an asset.
You are data-driven and insightful, investigating complex problems, leveraging strong analytical skills to extract insights from data, and translating findings into actionable recommendations for risk mitigation and reporting.
You are detail-oriented and a critical thinker, noticing what others might overlook, applying strong critical thinking skills to inform your decision-making, ensuring that risk assessments and reporting are thorough and accurate.
You embrace change and champion growth, evolving your thinking and approach, adapting to new challenges and emerging trends in the cyber and technology risk landscape to deliver your best work.
Values matter to you. You bring your real self to work and you live our values – trust, teamwork and accountability.
What CIBC Offers
At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
We cultivate a culture where you can express your ambition through initiatives like Purpose Day, a paid day off dedicated for you to invest in your growth and development.
*Subject to plan and program terms and conditions
What you need to know
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact [email protected]
CIBC is committed to clarity in our hiring process. All roles posted are opportunities we’re actively recruiting for, unless stated otherwise.
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
We may ask you to complete an attribute-based assessment and other skills test (such as simulation, coding, French proficiency).
We use artificial intelligence tools during the recruitment process. Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.
Job Location
Toronto-81 Bay, 29th Floor
Employment Type
Regular
Weekly Hours
37.5
Skills
Analytical Thinking, Application Security, Coding Practices, Communication, Cyber Risks, Cybersecurity, DevOps, Emerging Technology Trends, Information Security, Interpersonal Communication, Operation Risk Management, Penetration Testing, Prioritization, Red Teaming, Risk Assessments, Risk Management, Risk Management Programs, Security Management Practices, Security Testing, Teamwork, Technology Landscape