Job Description & How to Apply Below
The Senior Manager, Cyber Risk, Compliance & Reporting is an experienced professional responsible for fulfilling CIBC's second line of defense mandate to support effective management of cyber security risk across the organization. The role works closely with the first Line of Defense (LoD) and applies technical expertise to assess cyber risks identified by the 1st LoD (e.g., through controls and Deficiency Management, and regulatory risk assessments) and to challenge risk mitigation and treatment plans.
In addition, the role involves review and reporting of cybersecurity risks related to the enterprise information security and control landscape and the regulatory landscape, understanding the associated inherent and residual risk of various regulations such as (but not limited to) OSFI B-13, DORA, AMF, OSFI Technology and Cyber Security Incident Reporting, APRA, Bill C-26, CDCC, Bill C-27 and HKMA, and collaborating with relevant 1st LoD teams to advise on risk-based prioritization and drive remediation.
* **Regulatory Compliance**:
Monitor regulatory updates and implement changes to align with financial institution regulations (e.g., OSFI, SWIFT CSP). Ensure timely and accurate submission of regulatory filings (such as new and existing Regulatory Developments) related to cybersecurity and information risk.
* **Controls Review and Deficiency Management**:
Be able to challenge and review cybersecurity controls tied to regulatory developments and guidance to identify gaps, weaknesses, or areas for improvement. Collaborate with the 1st line to develop actionable remediation plans for deficiencies identified during audits or assessments in accordance with Regulatory Compliance Management (RCM). Ensure controls align with regulatory requirements, including OSFI B-13, DORA, GDPR, PIPEDA, SWIFT CSP, NIST CSF 2.0, and ISO 27001.
* **Cybersecurity Regulatory Compliance Reporting**:
Develop and manage comprehensive reporting processes related to RCM activities, including dashboards, Risk Appetite Statements (RAS) and KRI metrics for executive leadership, audit committees, and regulatory bodies. Deliver meaningful insights into the organization's risk posture through KRIs, KPIs, and operational data. Prepare board-level reports detailing cyber risks, compliance statuses, and significant events affecting regulatory requirements.
* **Audit and Assessment Support**:
Support internal and external audits by ensuring accurate documentation of control environments, risk management practices, and compliance activities. Monitor remediation of audit findings, ensuring timely resolution and sustainable control implementation.
* **RCM Policy Creation and Management**:
Develop, implement, and maintain information security related RCM policies, processes and procedures, ensuring alignment with enterprise RCM frameworks. Regularly review and update policies to reflect changes in the regulatory landscape, organizational priorities, and technological advancements. Collaborate with internal stakeholders to ensure the effective adoption of policies and promote a culture of compliance.
* **Cyber Risk Review & Challenge**:
Act as the 2nd LoD and be able to effectively challenge and provide guidance on a wide array of cybersecurity controls and design requirements related to RCM activities. These may include areas such as data security controls, Vulnerability & Threat Management, Identity & Access Management, and Logging & Monitoring, in support of various security attestations, cyber risk assessments and maturity scorecard programs.
* **Deep understanding** of regulatory frameworks and requirements such as OSFI B-13, DORA and SWIFT.
* **Critical thinking skills** to evaluate the impact of identified security vulnerabilities and drive attack surface reduction.
* **Effective communications**: Demonstrates clarity of thought in both written and verbal communications, and develops and delivers strong, simplified reporting content and presentations.
* **…
Position Requirements: 10+ years work experience