CYBER & TECHNOLOGY RISK ANALYST SR
WHAT IS THE OPPORTUNITY?
The Senior Cyber and Technology Risk Analyst will identify, analyze and report enterprise technology risks for executive level business, Cyber, Technology and information security leadership. The work product will be shared with the Audit and Risk Committee, Royal Bank of Canada, and CNB's regulators. Position will also perform quantitative and qualitative analysis to support the prioritization of risk mitigation projects, measure progress of technology risk reduction initiatives, and identify areas with high residual risk. The Senior Analyst will also perform challenge and oversight of the First Line of Defense as a member of the Second Line of Defense, and will develop, collect and report metrics and Key Risk Indicators (KRI) which provide effective, proactive identification of technology risks.
Risk Management Division
This is a great opportunity to grow your career with a stable and expanding organization as a member of City National's Risk Management team. The focus is on ensuring business activities remain safe, compliant and well-positioned for future opportunity and sustainable growth.
WHAT WILL YOU DO?
- Manage the accountability and oversight of the risk assessment process, ensure assessments are completed in a timely manner, are appropriately scoped, and provide assurance through independent review and challenge of management control testing, including applications, data centers, databases, and infrastructure.
- Have primary responsibility for architecting the risk assessment methodologies and systems to ensure all necessary inputs, modules, and reports are implemented to automate to the extent reasonably possible.
- Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes; perform gap analysis.
- Perform independent categorization and aggregation of technology risks identified by the first line of defense, and provide a thematic view of risk across the enterprise.
- Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.
- Track regulatory compliance and maintain up to date records of requirements and corresponding mitigating controls.
- Ensure that CNB's IT framework, policies, and standards comply with regulations; work with the relevant Framework and Policy Committee(s) when policies need to be updated or created.
- Work with business units to ensure controls are effective and appropriately address the relevant regulatory and security requirements they address.
- Complete credible challenge and oversight of the first line of defense (the business functions) as a member of the second line of defense.
- Coordinate with other compliance functions – like Audit, Legal, Enterprise Risk, and Privacy – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
- Create presentations, briefings and communications on technology risk issues for a variety of internal and external stakeholders.
WHAT DO YOU NEED TO SUCCEED
- Bachelor's Degree In computer science, cyber security, information technology, information security, or related field
- Minimum 7 years of experience in Cyber and Technology risk assessment and analysis
- Minimum 4 years of experience with eGRC or equivalent risk or security management system
- Minimum 4 years working for a bank or financial institution
Skills and Knowledge
- Prefer experience in a Risk Management (2LOD) department along with at least 4 years in banking or financial services, or equivalent experience in a consulting capacity
- Prefer experience with internal control frameworks for information technology, information security, IT governance frameworks, and conducting and analyzing cyber and technology risk assessments.
- Demonstrate knowledge and aptitude for methods for scoring, calculating, and quantifying risk.
- Must be able to effectively articulate ideas through verbal and written communications.
- Experience with MS Excel, Word, PowerPoint, and eGRC systems, such as Archer or RSAM
- Prefer certifications: CISSP, CISA, CSIM, CGEIT, CRISC, FAIR or related certifications
- Prior experience analyzing and applying regulatory requirements to security practices
- Familiarity with changes and trends in the regulatory landscape
- Demonstrated organization, facilitation, communication, and presentation skills
- Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interdependencies
- Experience in designing and executing management testing of key controls, evaluating controls for design effectiveness, operating effectiveness, and efficiency.
*To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
ABOUT CITY NATIONAL
We start with a basic premise: Business is personal. Since day one we've always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America's leading diversified financial services companies.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Apply on company website