Associate Director, Cyber & IT Risk - IAM

What is the opportunity

You will support IT/Cyber Risk Management leadership within the Enterprise Resilience Risk team in delivering various oversight and challenge processes including: tracking and reporting on the status and quality of key IAM Risk programs; developing and utilizing effective risk appetite metrics that provide insights into current risk level; identifying issues with policy compliance through analysis and testing of controls; monitoring and assessing cyber/technology incidents related to IAM; and performing thematic reviews to investigate issues and providing value add recommendations.

This includes providing an opinion on RBCs technology risk posture developing / overseeing IAM key risk indicators to measure and monitor risk and contributing to the development of enterprise policies and standards governing Identity and Access Management Risk.

What will you do

• Leverage data driven insight and provided opinions and challenge on key risk indicators.
• Support the completion of thematic reviews scenario analysis external event analysis new change initiative assessments and development of risk profiles that can be leveraged to report to senior management board and regulators.
• As second line of defense work closely with first line to provide effective and cyber/technology oversight and challenge for Global Securitys IAM Operational and IT risk programs such as Risk and Control Self-Assessments Operational Risk Event Reviews IT Risk Assessments and Integrated Risk Profiles to validate that the business is operating within Risk Appetite.
• Support cyber/technology related regulatory examinations / requests / assessments / reporting.
• Champion managing risk rather than risk avoidance by seeking solutions.
• Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the Technology Risk profile.
• Develop and maintain key internal and external relationships to provide advice and oversight on standard compliance support operational risk program adherence and effective incident reporting.
• Provide oversight and challenge on the management of significant cyber incidents.
• Recommend changes to Cyber & IT Risk policies/standards to maintain currency in ensuring relevance to emerging technologies and delivery models.
• Develop and maintain key Technology relationships to provide expertise and oversight on new initiatives.
• Keep abreast of emerging technology threats.
• Proactively manage complex and sometimes competing relationships with key local regional and global stakeholders on a regular basis
• Develop strong relationships within GRM and Operational Risk teams in support of common objectives and goals.

What do you need to succeed

Must-have:

• CRISC / CISSP / CISM / CISA or similar certification
• years in the financial services or other regulated industries
• 5 years of information technology and operations experience is required; preferably as part of an IAM team or IAM related role.
• Expert knowledge of IAM concepts methodology processes and procedures and controls.
• Experience with IAM technologies and protocols such as: Multi-Factor Authentication Single-Sign On MS Active Directory LDAP Cloud IAM SAML Kerberos OAuth Remote Access etc.
• Strong technical IAM knowledge covering areas the areas of Authentication Authorization Privileged Access Management and Credential Management
• Working knowledge of solutions such as CyberArk SailPoint IdentityIQ Entra ID Okta and HashiCorp Vault.
• 5 years experience in in risk identification aggregation analysis and ranking
• Strong metrics and performance management background including data management and analysis.
• Strong knowledge in IT and operational risk management processes methods and tools
• Strong knowledge of technology standards risks threats prevention measures and best practices.

Nice-to-have:

• Experience in a large financial service company
• Knowledge of Project Management (PMF) process/disciplines
• Strong knowledge of various IT risk frameworks methodologies leading industry/assurance standards and regulations as well as attestation reporting frameworks such as NIST COBIT SOC2 reporting framework
• Working knowledge of GRC tools (e.g. Archer ServiceNow etc.)

What is in it for you

We thrive on the challenge to be our best progressive thinking to keep growing and working together to build and deliver trusted reporting to help our stakeholders succeed and communities prosper. We care about each other reaching our potential making a difference to our communities and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits competitive compensation.
• Ability to make a difference and lasting impact.
• Work in a dynamic collaborative progressive and high-performing team
• Opportunities to take on progressively greater accountabilities.

Job Skills

Additional Job Details

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best effectively collaborate drive innovation and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect belonging and opportunity for all.