Advisor, Information Security

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

What You’ll Be Doing

You are passionate about information security and risk advisory services and want to join our growing information security group. As a Senior Information Security Advisor you will be responsible for consulting on potential risks as well as current trends to help our technology and business stakeholders meet security goals and objectives. Utilizing your proactive communication skills & relationship building skills, you will partner with line of business and technology teams and help them proactively identify potential risks and present recommendations that are practical and achievable. You will act as a trusted advisor to the lines of businesses they support within a defined coverage model, adding value as an extended member of each line of business's leadership team.

At CIBC we enable the work environment most optimal for you to thrive in your role. Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview.

How You’ll Succeed

• Consulting - Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk to CIBC. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape. Coordinate action plans and/or risk as outlined in the Control & Deficiency Management Policy and Deficiency Management User Guide. Build Security In the Lifecycle of Projects. Recommend Cloud Security Controls in a Serverless environment and recommend best security approach in a DevSecOps environment.

• Communication - Build and present documentation to executive management aimed at communicating potential risks and providing recommendations. Provide feedback to and participate in the design and implementation of security assessment processes across the organization. Research, design, and implement security monitoring practices and operationalize these processes across the group. Understand strategic goals and embed cyber risk management into the culture of the line of business, acting as both a feedback loop across IS, Business and the enterprise. Respond to BU queries in support of the business programs and projects.

• Delivery and Execution - You will help us execute detailed threat risk and information security assessments, deviations, coordination of penetration testing and reporting. Establish priorities specific to information security duties and conduct Threat Models. Help us complete requests from external partners (corporate and institutional clients) and recommend new controls to reduce risks. Contribute to the identification of key controls or design controls as appropriate. Understand CIBC’s Control Framework, Control and Deficiency Management Policy (and US Supplement) and definition of key control.

Who You Are

• You can demonstrate experience in Information Security, Threat-risk assessments, Vulnerability & Penetration testing, and application security development projects . Familiarity with retail bank ecosystem and Cloud Computing technologies. Additionally, exposure to Agile Development processes, and certifications in CISSP, Offensive Security/CEH, CASE-E-Council or CSSLP is an asset but not mandatory. You understand the technical and business roadmap for Cybersecurity controls and partners with Cybersecurity control owners, architects and engineers to develop integration plans and deliverables.

• You're passionate about people. You find meaning in relationships, and surround yourself with a diverse network of partners. You build trust through respect and authenticity. You partner with subsidiary and affiliates stakeholders to understand current Cybersecurity controls of the subsidiary/affiliate and to develop integration plans. You collaborate with the first line centers of excellence to implement control enhancements and/or new controls as appropriate.

• You're digitally savvy. You seek out innovative solutions and embrace evolving technologies. You can easily adapt to new tools and trends.

• Your influence makes an impact. You know that relationships and networks are essential to success. You inspire outcomes by making yourself heard. You act as owners of Line of Business-specific information security issues, as required. You own and direct security initiatives within the division or business unit based on research and analysis that drive quarterly strategy plans that will be led by the BISO (start to finish).

• You give meaning to data. You enjoy investigating complex problems, and making sense of information. You're confident in your ability to communicate detailed information in an impactful way. You develop controls for data validation related to data owned by the Lines of Business Review reports provided by Infrastructure and Support Functions. You successfully linking the business and data security needs of technology solutions that drives our business, smartly.

• Values matter to you. You bring your real self to work and you live our values – trust, teamwork and accountability.

​

**Prior to starting in this role, security checks, including a criminal record check must be successfully completed to the satisfaction of CIBC. An annual criminal record check may also be required.**

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact [email protected]

• CIBC is committed to clarity in our hiring process. All roles posted are opportunities we’re actively recruiting for, unless stated otherwise.

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

• We may ask you to complete an attribute-based assessment and other skills test (such as simulation, coding, French proficiency).

• We use artificial intelligence tools during the recruitment process. Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

Employment Type

Weekly Hours

Skills