Manager, US TI&I Cyber, Tech, and Security Control Assessment

CIBCs Technology Infrastructure and Innovation (TI&I) business spans Technology Information Security Deposit Operations Loan Operations Payment Operations Data Management Office Corporate Real Estate Corporate Security Procurement Operational Resilience and Risk & Governance. TI&I drives operational excellence by managing the technology and operations to run the bank enabling transformation through innovation and supporting growth objectives with flawless execution of strategic initiatives.

The Governance and Oversight team within TI&I operates as a First Line team in the Three Lines of Defense model enabling risk discipline business resiliency and value creation while strengthening the CIBC Risk Management Framework.

At CIBC we enable the work environment most optimal for you to thrive in your role. Youll have the flexibility to manage your work activities within a hybrid work arrangement that is acceptable to your direct supervisor.

What youll be doing

As the Manager US TII Cyber Tech and Security Control Assessment you will:

• Independently conduct control testing providing assessment consulting and reporting on operational risk and controls involving people technology processes or external events that arise from audit and control testing

• Independently understand and follow the qualitative and quantitative components of our Risk Appetite Statements

• Escalate matters through the appropriate channels

• Collaborate with team members stakeholders and partners on control design and operating effectiveness testing

• Managing developing and executing processes that will continually assess and enhance the control environment to ensure that the controls are complete thorough meet regulatory requirements match industry standards and align to CIBCs policies and standards.

• Designing and implementing control frameworks and practices that address evolving regulatory and compliance requirements across a complex landscape.

• Partnering with TI&I teams to ensure alignment and currency of controls incorporating a multi-functional perspective to identify and address gaps.

• Identifying opportunities to automate and streamline control testing processes using robotic process automation (RPA) and artificial intelligence (AI) solutions.

• Leading pilot initiatives or proof-of-concept projects that integrate AI into control testing frameworks.

• Evaluating and recommending technology tools that improve the efficiency accuracy and consistency of control testing activities.

• Collaborating with teams across TI&I to implement automation solutions and integrate AI-driven analytics into control assessment processes.

• Monitoring the effectiveness of implemented RPA/AI solutions and recommending enhancements based on results and emerging best practices.

How youll succeed

• Risk Management Leverage you technology and cyber security risk management expertise to share your knowledge by introducing ideas to the organization to continuously maintain an acceptable risk posture that is aligned with the industry peers regulatory requirements and CIBCs risk appetite.

• Understand Requirements Conduct analysis of processes and functional requirements to provide proactive advice and guidance to internal stakeholders to ensure that the requirements and work packages are appropriately defined and completed.

• Time and Project Management Leverage your strong project management skills to proactively manage timelines by keeping direct managers and internal client informed of predicted/ preliminary results and proactively communicate reasonable estimated time to completion.

• Continuous Improvement & Efficiency: Identify continuous improvement opportunities and leverage AI tools to automate repetitive tasks streamline testing procedures and improve the overall effectiveness of control assessments.

• Collaborate Across Teams - Collaborate with business partners risk management compliance audit and other stakeholders to ensure a coordinated approach to risk and control.

• Internal Client Engagement Meet with internal clients to understand their priorities and advise them on technology and cybersecurity risk management solutions. Use your knowledge of cybersecurity and technology to protect the organization by providing proactive advisory services to the technology and cybersecurity teams in deploying risk management measures and in remediating known issues.

• Communication Delivering clear concise and impactful reporting presentations and assessment summaries to key stakeholders and partners.

• Relationship Management Youll create trusted advisory relationships with all partners across all 3 Lines of Defense.

• Collaboration Engaging with cross functional teams across all three lines of defense to foster open communication value diverse perspectives ensuring that all voices are heard and contributing to shared success. You will build trust within the team encouraging a supportive environment that enhances creativity and problem-solving.

• Continuous Learning: Stay current with advancements in technology and regularly update your knowledge to identify and implement best practices in automated control testing.

• Drive Results: Use technology-driven insights to identify control gaps recommend enhancements and support informed decision-making within the organization.

• You have a degree/diploma in accounting cybersecurity technology finance or a related field. Minimum of 5-7 years of experience in technology or cybersecurity front-line testing/ audit/enterprise/operational risk management/or management consulting coupled with professional certification in Technology Risk Cybersecurity Risk and audit related certifications (e.g. CISA CISSP CISM CRSC etc).

• You demonstrate experience conducting or managing internal and external audits. Understanding audit methodologies and standards (e.g. IIA Standards ISACA guidelines). Designing and executing control testing plans including walkthroughs sampling and substantive testing. Experience with both manual and automated testing techniques. You have worked independently and have experience in working in cross-functional teams where you have successfully influence without authority across all levels of the organization. You have experience in creating process flow at optimal levels to provide concise depiction of current and future state in order to identify and convey applicable risks and controls. Youre creative resourceful and tenacious and have the ability to clearly depict information that can be communicated and presented in the most engaging and meaningful way.

• You have a strong understanding of emerging technologies including RPA and AI and their applications in risk management and control testing.

• You actively seek out and embrace new tools and methodologies to improve the efficiency and effectiveness of control processes.

• You have direct experience implementing or supporting RPA and AI solutions in audit compliance or control testing environments.

• You identify opportunities to automate manual tasks and enhance existing control frameworks using technology-driven solutions.

• You advocate for the adoption of digital tools and foster a culture of continuous improvement within your team or organization.

• You leverage data analytics and AI-driven insights to inform your approach to control testing and risk assessment.

• You stay up to date with technological advancements and proactively acquire new skills to remain at the forefront of innovation in control testing.

• You demonstrate awareness of emerging technologies including robotic process automation (RPA) and artificial intelligence (AI) and proactively seek opportunities to apply them in control testing processes.

• Values matter to you. You bring your real self to work and you live our values - trust teamwork and accountability.