Director, Governance & Controls – Information Technology & Information Security

Overview

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered  team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit

What you’ll be doing

CIBC’s Technology Infrastructure and Innovation (TI&I) spans Technology, Information Security, Deposit Operations, Loan Operations, Payment Operations, Data Management Office, Corporate Real Estate, Corporate Security, Procurement, Operational Resilience, and Risk & Governance. TI&I drives operational excellence by managing the technology and operations required to run the bank, enabling transformation through innovation, and supporting growth objectives with flawless execution of strategic initiatives.

The Governance and Oversight team within TI&I operates as a First Line team in the Three Lines of Defense model, enabling risk discipline, business resiliency, and value creation while strengthening the CIBC Risk Management Framework.

As Director, Governance & Controls, you will be a key leader within the US TI&I organization, reporting to the Head of Governance & Oversight. You will be responsible for designing, implementing, and continuously enhancing governance, risk, and control frameworks for our US Technology and Information Security (IT/IS) functions. This role is integral to maintaining a robust risk culture, ensuring regulatory compliance, and driving operational resilience in a complex, fast-paced environment.

Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview.

Responsibilities

• Strategic Leadership & Advisory:
Serve as a trusted advisor to stakeholders, providing proactive guidance on risk management, control design, and compliance with organizational policies, regulatory requirements, and industry standards. Lead the development and execution of GRC strategies aligned with CIBC’s risk appetite and US regulatory expectations (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO). Act as a thought leader, driving control maturity and operational risk alignment across the organization.

• Governance, Risk & Controls:
Oversee the identification, assessment, escalation, and mitigation of IT/IS risks, ensuring alignment with enterprise risk frameworks. Oversee the implementation of effective controls, ensure integration into business processes and technology systems. Conduct regular reviews of controls to assess impact of changes in processes, new projects, and emerging risks. Maintain oversight of the global control environment impacting IS/IT, ensuring alignment with broader risk objectives and US regulatory requirements.

Design and implement continuous control monitoring and assurance programs, leveraging data analytics and automation. Conduct risk assessments and ensure integration of controls into business and technology processes. Perform validation and quality assurance reviews of issues, ensuring proper risk management practices and closure in line with 2nd Line of Defense guidance. Monitor and report on key risk and control metrics to senior leadership with actionable insights.

• Regulatory Compliance & Engagement:
Maintain deep knowledge of US and global regulatory requirements, ensuring frameworks and practices remain current and compliant. Support regulatory exams, internal audits, and industry assessments, ensuring timely resolution of findings and corrective actions.

• Continuous Improvement &

Innovation: Drive continuous improvement initiatives, leveraging emerging technologies and industry trends to strengthen the control environment. Foster a culture of innovation, risk awareness, and accountability across the team and broader organization.

• Stakeholder Engagement & Relationship Management:
Build and maintain strong relationships with internal and external stakeholders, including auditors, regulators, and industry associations. Collaborate across the three lines of defense to maintain a robust…