Director, QTS Cybersecurity and Threat Protection

What is the opportunity?

The Director, Cybersecurity and Threat Protection plays a pivotal role in enhancing the cybersecurity posture and strengthening the control environment across RBC Capital Markets. You will lead a cybersecurity engineering team responsible for identifying, prioritizing, and mitigating cybersecurity risks and vulnerabilities. This role drives strategic enhancements to security practices, ensuring robust controls and effective risk management throughout the Capital Markets estate. Your leadership will be instrumental in transforming and maintaining our cybersecurity framework, positioning Capital Markets as a leader in cybersecurity resilience across the organization.

What will you do?

• Lead the implementation and ongoing enhancement of cybersecurity programs including application security (SAST/DAST), vulnerability management, penetration testing remediation, and secure coding practices.
• Drive cybersecurity strategy, ensuring alignment with organizational objectives, emerging threat intelligence, CVE tracking, and regulatory requirements.
• Direct vulnerability management processes, prioritization, and remediation strategies across applications, cloud, containers, and server environments.
• Establish and enforce cybersecurity standards, controls, and automation within DevSecOps and CI/CD pipelines.
• Provide strategic oversight and guidance on penetration testing activities, ensuring effective collaboration with external penetration testing teams and internal remediation processes.
• Assess emerging threats, leverage threat intelligence, and implement proactive security measures and innovative technologies to mitigate risks.
• Foster collaboration with development, infrastructure, and cloud teams to address complex vulnerabilities effectively.
• Communicate cybersecurity risks, metrics, and strategic initiatives clearly to senior management and stakeholders.

What do you need to succeed?

Must-have:

• 10+ years of experience in cybersecurity roles, including 5+ years leading cybersecurity engineering or threat protection teams.
• Strong expertise in cybersecurity frameworks, vulnerability management strategies, penetration testing methodologies, application security, and cloud/container security.
• Demonstrated leadership in establishing and maturing cybersecurity capabilities and automation.
• Relevant industry certifications such as CISSP, CISM, CCSP, OSCP or equivalent.
• Exceptional communication, stakeholder management, and strategic thinking capabilities.

Nice-to-have:

• Experience in financial services, capital markets, or highly regulated industries.
• Familiarity with cloud-native security, infrastructure-as-code (IaC), Docker containers, Kubernetes orchestration, and AWS cloud environments.
• Background in cybersecurity engineering practices including infrastructure security, container security, and cloud security.
• Hands-on experience with security orchestration, automation, and response (SOAR) platforms.

What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.
• Leaders who support your development through coaching and managing opportunities.
• Ability to make a difference and lasting impact.
• Work in a dynamic, collaborative, progressive, and high-performing team.
• A world-class training program in financial services.
• Flexible work/life balance options.
• Opportunities to do challenging work.

#LI-Hybrid

#LI-POST

#TECHCPJ

Job Skills

Additional Job Details

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above