We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

KEY ACCOUNTABILITIES

Regulatory ExamsEnd to end exam managementEnsure regulatory exam readinessReview and suggest approach (responses, evidence) to regulatory exam lettersCoordinate response and evidence collection (which may include direct response/fulfillment), evaluating and questioning, aligning on strategic messaging, presenting to sr. leadership to align on audit ready responsesRegulatory RemediationActively engage in regulatory remediation activities, which may include analysis of regulatory feedback, suggesting recommended action, coordinating and evaluating responses, performing remediation actions, preparing regulatory update decks, creating speaking notes, ensuring messaging alignment with internal stakeholders and addressing any post meeting follow ups.Regulatory BriefingsPrepare oversight briefing materials, which includes recommendations on approach/key themes, with speaking notesCoordinate follow up activitiesInternal AuditEnsure internal teams are prepared for Internal Audit activitiesManage and socialize Internal Audit calendarCoordinate audits, including fulfillment and evaluation of responses and evidence providedEscalate potential issues before formal identificationEnsure timely review and response to audit reportsOversee creation of new audit related deficienciesServe as point for monthly continuous monitoringProgram Management - Regulatory Program ComplianceEnsure NY DFS program annual activities are completed, including the NY Branch assessment, surveys, with risks identified and actionedEnsure FFIEC/GLBA program activities are completed, including the annual assessment with risks identified and actionedComplete annual Regulatory Control Management activitiesComplete annual Regulatory Control Requirement AssessmentReportingEnsure overall CSO organization regulatory reporting dashboard is deliveredMonitor relevant laws, regulations and standards to ensure organization’s security practices align with regulatory requirements.  Create and distribute monthly regulatory development update reporting.Assist with creation of materials for Annual Cyber Security Board Review and Quarterly Board Risk Committee MeetingsCreation of materials for various reporting committees and forums, including weekly statusCreation of materials for various reporting committees and forums, including weekly reports, business unit reviews and horizontal reviewsProjectsOversee or complete specific enterprise, US region or department initiativesGeneralBuild strong relationships with internal and external partners, seen by them as a trusted partnerComplete ad hoc and urgent requests from internal and external partners, and recommend new controls to reduce risksWork closely with US TI&I Risk & Controls Team, Regulatory Affairs, Operational Risk Management (ORM) and Internal Audit as required.Teamwork and Relationship Building – Foster collaborative relationships with a wide range of stakeholders to identify opportunities to enhance Information Security processes and controls, understand pain-points and priorities, influence direction, solve problems, and ensure successful adoption and operation of policies and standards.Will be required to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology.Share governance best practices, based on regulatory and audit observations and feedback identifiedProvides ongoing advice and direction on a variety of complex conceptual or interpretative issuesPerform regulatory controls as assigned control performerImplement continuous improvement areasCreate and maintain procedural documentationKNOWLEDGE AND SKILLS10 years in Information Security, IT Risk Management, regulatory compliance or audit functions, within a US or Canadian bank (preferably at least 5 years in a leadership role)Deep knowledge of key information security domains including network security, IAM, data protection, vulnerability management, application security, etc.Awareness of emerging technologies and risksProven track record of managing banking regulatory examinations (e.g. FRB) and state specific oversight (e.g. NYDFS)Demonstrated experience with FFIEC IT/Cyber Exam Handbook and GLBA Safeguards rule compliance.Strong understanding of control frameworks (e.g. NIST CSF)Ability to identify regulatory themes, assess control effectiveness and spot emerging gapsHands on experience preparing and delivering materials for regulatory agencies  and internal/external auditors.Skilled in exam logisticsAbility to determine and draft  formal regulatory responses to information security issues which are clear, defensible and aligned with the overall risk postureExperienced influencing and presenting to sr. leadership, boards and regulatorsExceptional written and verbal communication skills, with the ability to translate technical requirements into clear actionable language for regulators and executives.Strong interpersonal skills to influence without direct authorityExperience with GRC platforms (e.g. MetricStream,OneTrust, Archer)Certified professional with current Industry recognized certifications such as CISSP, CISM, CISAYou see the big picture and operate strategicallyYou act like an owner. You are action oriented, thriving when you're empowered to take initiative, go above and beyond, and deliver results.You have a passion for excellence, holding yourself and others accountable.You know that details matter. You notice and question things that others don’t. Your critical thinking skills help to inform your decision-making.You are a strong communicator, verbally and in writing, with the ability to flex to needs of executives and team members within and outside of US Information Security.You’re goal-oriented. You’re motivated by accomplishing individual and team based goals and consistently delivering your best to make a difference.You are a curious learner, staying current on industry trends.You challenge the status quo and have a passion for continuous improvement.

"At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $140,000- $160,000 for the market based on experience, qualifications, and location of the position. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employee’s needs; including Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans, Paid Time Off (including Sick Leave, Parental Leave and Vacation), Holidays and 401(k), in addition to other special perks reserved for our team members.”

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com

You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

IL-70 W Madison St, 8th Fl

Employment Type

Regular

Weekly Hours

40

Skills

Analytical Thinking, Group Problem Solving, Information Security, Network Operations, Security Operations, Security Risk Assessment, Technical Knowledge