Match score not available

Sr. Information Security Advisor

extra holidays

Remote:

Full Remote

Contract:

Full time

Experience:

Senior (5-10 years)

Work from:

Canada, North Carolina (USA), United States

Offer summary

Qualifications:

Experience in Information Security and Cybersecurity controls., Familiarity with Cloud Computing technologies., Certifications in CISSP or CEH are assets., Proficiency in Threat-risk assessments..

Key responsabilities:

Consult on potential risks and current trends.
Assess business needs against security risks.

CIBC Banking XLarge http://www.cibc.com/

10001 Employees

See all jobs

Job description

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

What you’ll be doing

As a Senior Information Security Advisor you will be responsible for consulting on potential risks as well as current trends to help our technology and business stakeholders meet security goals and objectives. Utilizing your proactive communication skills & relationship building skills, you will partner with line of business and technology teams and help them proactively identify potential risks and present recommendations that are practical and achievable. You will act as a trusted advisor to the lines of businesses they support within a defined coverage model, adding value as an extended member of each line of business's leadership team.

At CIBC we enable the work environment most optimal for you to thrive in your role you’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote.

How you’ll succeed

Consulting - Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk to CIBC. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape. Coordinate action plans and/or risk as outlined in the Control & Deficiency Management Policy and Deficiency Management User Guide. Build Security In the Lifecycle of Projects. Recommend Cloud Security Controls in a Serverless environment and recommend best security approach in a DevSecOps environment
Communication - Build and present documentation to executive management aimed at communicating potential risks and providing recommendations. Provide feedback to and participate in the design and implementation of security assessment processes across the organization. Research, design, and implement security monitoring practices and operationalize these processes across the group. Understand strategic goals and embed cyber risk management into the culture of the line of business, acting as both a feedback loop across IS, Business and the enterprise. Respond to BU queries in support of the business programs and projects
Delivery and Execution - You will help us execute detailed threat risk and information security assessments, deviations, coordination of penetration testing and reporting. Establish priorities specific to information security duties and conduct Threat Models. Help us complete requests from external partners (corporate and institutional clients) and recommend new controls to reduce risks. Contribute to the identification of key controls or design controls as appropriate. Understand CIBC’s Control Framework, Control and Deficiency Management Policy (and US Supplement) and definition of key control

Who you are

You can demonstrate experience in Information Security, Threat-risk assessments, Vulnerability & Penetration testing, and application security development projects along with familiarity with retail bank ecosystem and Cloud Computing technologies. You understand the technical and business roadmap for Cybersecurity controls and partners with Cybersecurity control owners, architects and engineers to develop integration plans and deliverables. It's an asset if you have exposure to Agile Development processes, and certifications in CISSP, Offensive Security/CEH, CASE-E-Council or CSSLP
You're passionate about people. You find meaning in relationships, and surround yourself with a diverse network of partners. You build trust through respect and authenticity. You partner with subsidiary and affiliates stakeholders to understand current Cybersecurity controls of the subsidiary/affiliate and to develop integration plans. You collaborate with the first line centers of excellence to implement control enhancements and/or new controls as appropriate
You're digitally savvy. You seek out innovative solutions and embrace evolving technologies. You can easily adapt to new tools and trends.
Your influence makes an impact. You know that relationships and networks are essential to success. You inspire outcomes by making yourself heard. You act as owners of Line of Business-specific information security issues, as required. You own and direct security initiatives within the division or business unit based on research and analysis that drive quarterly strategy plans that will be led by the BISO (start to finish)
You give meaning to data. You enjoy investigating complex problems, and making sense of information. You're confident in your ability to communicate detailed information in an impactful way. You develop controls for data validation related to data owned by the Lines of Business Review reports provided by Infrastructure and Support Functions. You successfully linking the business and data security needs of technology solutions that drives our business, smartly
Values matter to you. You bring your real self to work and you live our values – trust, teamwork and accountability.

**Prior to starting in this role, security checks, including a criminal record check must be successfully completed to the satisfaction of CIBC. An annual criminal record check may also be required

#LI-TA

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, French proficiency, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.