Purpose of the Job
In this role, you will play a pivotal part in ensuring the maintenance of governance and compliance documents, managing our control library, and supporting various audit and assessment activities. This role requires a subject matter expertise in Cyber Risk & Compliance management as this role will be responsible for building processes and capabilities that align with organization structure and culture while ensuring sufficient maturity of Cyber Risk management practices. Your primary responsibilities will include Cyber Risk exceptions management and risk appetite and tolerance limit monitoring and reporting, facilitating security exceptions and risk acceptance process, operationalizing EQB’s Cyber Control Framework management processes, aiding in internal and external audits, and supporting the due diligence process for third-party onboarding. Additionally, you will contribute to annual PCI-DSS activities and play a key role in the tracking and reporting of team metrics.
Main Activities:
- Support the maintenance of governance and compliance documents.
- Manage the control library to ensure up-to-date and accurate information.
- Perform Cyber Risk quantification and analysis to drive risk-informed business decision making.
- Develop and apply statistical and quantitative models to assess cyber threats' likelihood and potential financial impact.
- Contribute to developing risk mitigation strategies by identifying and prioritizing high-risk areas.
- Support the security exception process by documenting, tracking, monitoring, and reporting on exceptions, with integrated quantitative analysis.
- Assist in internal and external audits by gathering and organizing evidence.
- Follow up on audit activities to ensure timely resolution.
- Support the due diligence process for third-party onboarding activities.
- Manage security risks for assigned portfolio to ensure that action/mitigation plans are defined and actioned in-time.
- Escalate outstanding risks as required.
- Assist in running annual PCI-DSS assessment activities.
- Play a vital role in tracking and reporting team metrics.
- Actively contribute to the continual improvement of security governance, risk, and compliance.
- Participate in activities to identify improvements, including internal measurement practices, security practice reviews, and internal/external audits.
- Stay current on the cyber security threat landscape, including the latest attacker tactics, techniques and procedures, and the controls that may serve as effective countermeasures.
Knowledge/Skill Requirements:
- A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
- Minimum of 5-7 years of relevant work experience.
- Hands on experience in supporting internal and external audits.
- Relevant certifications in governance, risk, and compliance are preferred.
- The following certifications are preferred: Open FAIR certification, CCSP, CCSK, CISM, CISSP, or CRISC.
- Solid understanding and experience with PCI DSS.
- Solid understanding of security threats and the security practices that are employed to defend against those threats.
- Experience working in a banking or financial services environment is an asset.
- Familiarity with security metrics and quantitative analysis tools (e.g. FAIR, Monte Carlo Analysis).
- Excellent interpersonal skills, with proven track record of developing relationships and communicating conceptual information effectively to individuals unfamiliar with subject material.
- Strong organizational skills: demonstrated ability to manage time and adhere to tight deadlines.
- Reporting to and responsible for supporting the Cyber, Governance and Compliance manager and indirectly to the Chief Information Security Officer.
- Makes decisions independently and contributes to the overall long-term performance of the security team.
- Accountable for the day-to-day operations and performance within the Cyber Governance, Risk and Compliance domain.
- Prioritize multiple competing priorities within restricted time constraints.
- Decisions made by the incumbent impact on the security of the bank.
- The incumbent will be required to work with suppliers who provide solutions, services and/or support to the bank.
Communication Skills:
Accountability:
What We Do
MakeBank on everyday banking: Earn high interest on every dollar Say no to fees No minimum balances Powered by Equitable Bank, a Schedule I Canadian Bank EQB Inc. (formerly Equitable Group Inc.) trades on the Toronto Stock Exchange (TSX: EQB and EQB.PR.C), directly serves over 607,000 Canadians through its wholly owned subsidiary Equitable Bank, Canada's Challenger Bank™, and serves over 200 Canadian credit unions that serve over 6 million of their members with products and services. Equitable Bank has grown to become Canada's 7th largest independent Schedule I bank with over a $119 billion in assets under management and assets under administration, and a clear mandate to drive real change in Canadian banking to enrich people's lives. At Equitable Bank, we are as invested in our employees as we are in our business. That’s why we are consistently recognized as one of Canada's Top Employers – a rating that comes from our 1,800 employees. Equitable Bank’s inclusive, welcoming, and pride-inducing workplace earned it the honour of being recognized as one of the top 50 organizations on the 2023 list of Canada’s Best Workplaces™. Founded over 50 years ago, Equitable Bank provides diversified personal and commercial banking, and through its EQ Bank platform (eqbank.ca), which has been named #1 Bank in Canada for three consecutive years on the Forbes World's Best Banks list for 2021, 2022, and 2023. Equitable Bank website: www.equitablebank.ca EQ Bank website: www.eqbank.ca Specialties Lending, Mortgages, Residential Lending, Commercial Lending, Reverse mortgages, Insurance lending, Equipment leasing , Credit Union, Trust, and Funds Management
