Associate Director, Cyber and Technology Risk

As part of the Group Risk Management's Enterprise Resilience Risk team, the Associate Director, Cyber & Technology Risk will be responsible for providing challenge and oversight on Identity and Access Management (IAM) programs, IAM lifecycle, and cyber operations teams. You will be responsible to provide an opinion on RBC's IAM risk posture, developing / overseeing IAM Key Risk Indicators to measure and monitor risk and contributing to the development of enterprise policies and standards governing IAM.

What is the opportunity?

You will support IT/Cyber Risk Management leadership within the Enterprise Resilience Risk team in delivering various oversight and challenge processes including: tracking and reporting on the status and quality of key IAM Risk programs; developing and utilizing effective risk appetite metrics that provide insights into current risk level; identifying issues with policy compliance through analysis and testing of controls; monitoring and assessing cyber/technology incidents related to IAM; and performing thematic reviews to investigate issues and providing value add recommendations.

This includes providing an opinion on RBC's technology risk posture, developing / overseeing IAM key risk indicators to measure and monitor risk and contributing to the development of enterprise policies and standards governing Identity and Access Management Risk.

What will you do?

• Leverage data driven insight and provided opinions and challenge on key risk indicators.
• Support the completion of thematic reviews, scenario analysis, external event analysis, new change initiative assessments and development of risk profiles that can be leveraged to report to senior management, board, and regulators.
• As second line of defense, work closely with first line to provide effective and cyber/technology oversight and challenge for Global Security's IAM Operational and IT risk programs such as Risk and Control Self-Assessments, Operational Risk Event Reviews, IT Risk Assessments, and Integrated Risk Profiles to validate that the business is operating within Risk Appetite.
• Champion managing risk rather than risk avoidance, by seeking solutions.
• Maintain knowledge of emerging technologies, threats/vulnerabilities and risk management practices and its implications to the business platform.
• Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the Technology Risk profile.
• Maintain a monthly risk profile across Technology Risk categories.
• Operate a one front door policy by ensuring effective support of business requests and follow through.
• Develop and maintain key internal and external relationships to provide advice and oversight on standard compliance, support operational risk program adherence and effective incident reporting.
• Provide oversight and challenge on the management of significant cyber incidents.
• Support cyber/technology related regulatory examinations / requests / assessments / reporting.
• Recommend changes to Cyber & IT Risk policies/standards to maintain currency in ensuring relevance to emerging technologies and delivery models.
• Develop and maintain key Technology relationships to provide expertise and oversight on new initiatives.
• Keep abreast of emerging technology threats.
• Proactively manage complex and sometimes competing relationships with key local, regional, and global stakeholders on a regular basis
• Develop strong relationships within GRM and Operational Risk teams in support of common objectives and goals.

Nice-to-have:

• Experience in a large financial service company
• Knowledge of Project Management (PMF) process/disciplines
• Strong knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as NIST, COBIT, SOC2 reporting framework
• Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.)

What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation
• Leaders who support your development through coaching and managing opportunities
• Work in a dynamic, collaborative, progressive, and high-performing team
• Opportunities to do challenging work
• Flexible work/life balance options

Job Skills

Confidentiality, Cybersecurity, Cyber Security Management, Decision Making, Detail-Oriented, Encryption Software, Group Problem Solving, High Impact Communication, Identity Access Management (IAM), Information Security Management, Information Technology (IT) Risk, Information Technology Security, Key Risk Indicators, Operational Risks, Risk Appetite, Risk Assessments, Risk Control Assessment, Risk Management, RiskMetrics, Risk Profile, Risk Reporting, Strategic Thinking, Technology Risk

Additional Job Details

20 KING ST W:TORONTOTORONTOCanada37.5Full timeGROUP RISK MANAGEMENTRegularSalaried2025-01-152025-02-01

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above