CNB is seeking an experienced Senior Cybersecurity Risk Analyst who will identify, analyze and report enterprise technology risks for executive level business, cybersecurity and information security leadership. The Senior Analyst's work product will be shared with the Audit and Risk Committee, Royal Bank of Canada, and CNB's regulators. The Senior Analyst will perform quantitative and qualitative analysis to support the prioritization of risk mitigation projects, measure progress of technology risk reduction initiatives, and identify areas with high residual risk. The Senior Analyst will create presentations, briefings and communications on technology risk issues for a variety of internal and external stakeholders. The Senior Analyst will also perform challenge and oversight of the First Line of Defense as a member of the Second Line of Defense, and will develop, collect and report metrics, Key Risk Indicators (KRI), and maintain CNB's risk register.
Manage the risk assessment process, ensure assessments are completed in a timely manner, are appropriately scoped, and provide assurance through management control testing, including applications, data centers, databases, and infrastructure.
Have primary responsibility for architecting the risk assessment system, ensuring all necessary inputs, modules, and reports are implemented and that the process is automated to the extent reasonably possible.
Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes; perform gap analysis.
Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.
Track regulatory compliance and maintain up-to-date records of requirements and corresponding mitigating controls.
Ensure that CNB's IT policies and standards comply with regulations; work with the Policy and Standards Committee when policies need to be updated or created.
Work with business units to ensure controls are effective and appropriately address the relevant regulatory and security requirements.
Complete credible challenge and oversight of the first line of defense (the business functions) as a member of the second line of defense.
Coordinate with other compliance functions -- like Audit, Legal, Enterprise Risk, and Privacy -- to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
Minimum 7 years of experience in cybersecurity risk assessment and analysis
Minimum 4 years of experience with eGRC or equivalent risk or security management system
Minimum 4 years working for a bank or financial institution
Skills and Knowledge:
Bachelor's degree in computer science, cybersecurity, information security, or related field is preferred
Ideal candidate will have experience with internal control frameworks for information technology, information security, IT governance frameworks, and conducting and analyzing cyber risk assessments.
Demonstrated knowledge of and aptitude for methods of scoring, calculating, and quantifying risk.
Must be able to effectively articulate ideas through verbal and written communications.
Experience with MS Excel and eGRC systems such as Archer or RSAM
Preferred certifications: CISSP, CISA, CRISC, FAIR or related certifications
Ideal candidate will have relevant experience in an IT department along with at least 4 years in banking or financial services, or equivalent experience in a consulting capacity
Prior experience analyzing and applying regulatory requirements to security practices
Familiarity with changes and trends in the regulatory landscape
Demonstrated organization, facilitation, communication, and presentation skills
Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interdependencies
Experience in designing and executing management testing of key controls, evaluating controls for effectiveness and efficiency.
Represents basic qualifications for the position. To be considered for this position you must at least meet the basic qualifications.
Equal Opportunity/Affirmative Action Employer, Minorities/Females/Individuals with Disabilities/Veterans
Note: The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Note: Candidates should be advised that City National Bank does not pay interviewee travel expenses or relocation expenses for candidates who are hired unless previously agreed.
City National Corporation