INFORMATION TECHNOLOGY RISK MANAGER
WHAT IS THE OPPORTUNITY? This position will support IT risk management activities for T&I including evaluation, mitigation, and actionable activities through the existing information security and IT risk management programs at CNB. Will interact with cross-functional stakeholders to assess risk to T&I technology, establish governance, and enhance IT risk programs and create an organized process to effectively meet the goals and objective with product centric approach to comply with the enterprise risk appetite. Implement processes and methods for accountability and oversight as a first line of defense function with internal and external auditors while addressing non-compliance to information technology standards. Communicates non-compliance as needed with management and develop plans to meet compliance.This individual will participate in the planning, and implementation of controls on the portfolio of applications within the respective product platform portfolio. This will include participation on projects, engaging with external and internal auditors, internal risk teams, information security teams, vendor management and various risk teams to help manage the demands within this technology portfolio. Makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective, or to strengthen controls, or reduce risk.
Technology and Innovation Division
As a member of City National's Technology & Innovation group, you will drive, develop, and maintain solutions for clients and colleagues. This is an exciting time of technology advancement and innovation across the bank, particularly within our technology teams.
WHAT WILL YOU DO?
- Advance the design, delivery, and performance of IT risk metrics and reporting including the Business Impact Assessment, IT Risk Management Framework, and the management of configurations and standards being required by the heightened standards environment.
- Lead enterprise, network, application, and cloud infrastructure risk assessments while maintaining process and procedural documentation to meet the requirements at CNB.
- Manage third-party risk assessments and ongoing monitoring activities for IT vendors.
- Advise and collaborate with technology teams and the business on appropriate ways to strengthen controls in non-compliant areas.
- Own and assist first line of defense in IT Risk mitigation planning activities.
- Improve and engage to support IT Risk Management governance and direction for the technology production environment.
- Manage and demonstrate leadership role for the technology team to effectively keep systems compliant and coordinate change across the systems and drive effective collaboration. Develop and participate with team and recruit appropriately to manage the risk within the team. Manage the personnel processes for colleagues, including selection, training, performance management, development, and retention. Fosters an environment where colleagues are empowered and have the opportunity to develop and grow.
- Engage with domain leads in Information Technology, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Quality, Performance & Scalability, and Change Management & Development Practices to obtain technical domain advice as appropriate.
- Consult and advise on remediation strategies to mitigate risk.
- Provide assistance and guidance to auditors and internal stakeholders to ensure a timely and efficient completion of their examinations and remediation activities.
- Maintain and enhance IT control testing program.
- Provide insight and guidance to IT processes and projects to ensure best practices and security standards are maintained.
- Create training materials to increase awareness and understanding across the organization.
- Bachelor's Degree in Information Systems, Cyber Security, or related field
- 6 years of IT risk management experience in the financial services industry, conducting risk assessments, and performance reporting
- 3-5 years of experience with IT GRC or equivalent risk or security management system
- 3-5 years working for a bank or financial institution
Skills and Knowledge
- Deep understanding of risk concepts (identification, evaluation, mitigation, and measurement) and risk frameworks (NIST, COBIT, ISO
- Certifications in relevant Security and Compliance (CISA, CRISC, CISSP, etc.
- Highly developed ability for conceptual thinking.
- Excellent communication and presentation skills.
- Well-developed impact and influence skills.
- Proven track record of building strong relationships across business functions.
- Extensive knowledge and experience in regulatory guidance, most importantly for the OCC and FFIEC guidelines.
- Strong presentation skills involving large and of varying IT background audiences; ability to adjust message and filter details based on audience.
- Strong Microsoft Excel, PowerPoint, and report writing skills, including the ability to evaluate the usefulness of data and use it in meaningful communication.
*To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
ABOUT CITY NATIONAL We start with a basic premise: Business is personal. Since day one we've always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America's leading diversified financial services companies. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Apply on company website