Sr. Manager Information Security Governance

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com (

Protect the bank’s regulatory standing by ensuring compliance and exam readiness, managing regulatory risk. This is a high visibility/high impact role.

There are 3 primary components of the role: regulatory support, internal audit support, regulatory program compliance.

The Sr Manager, Information Security Regulatory & Exam is responsible for regulatory exam support, quarterly regulatory briefings and adhoc regulator asks. You will also support Internal Audit activities. You will also be responsible for overall regulatory compliance, including regulatory compliance program ownership (e.g. NY-DFS, GLBA, FFIEC), performing/overseeing assessments, monitoring regulatory changes and recommending action.

Provide regulatory reporting requirements and ensure timely, accurate and message appropriate reporting.

Support may also include other teams under the Chief Security Office. Support may include and is not limited to Fraud, Operational Resilience, Third Party Governance & Physical Security.

This is a hands on role with prep, coordination, direct activity ownership and oversight.

KEY ACCOUNTABILITIES

• Regulatory Exams

• End to end exam management

• Ensure regulatory exam readiness

• Review and suggest approach (responses, evidence) to regulatory exam letters

• Coordinate response and evidence collection (which may include direct response/fulfillment), evaluating and questioning, aligning on strategic messaging, presenting to sr. leadership to align on audit ready responses

• Regulatory Remediation

• Actively engage in regulatory remediation activities, which may include analysis of regulatory feedback, suggesting recommended action, coordinating and evaluating responses, performing remediation actions, preparing regulatory update decks, creating speaking notes, ensuring messaging alignment with internal stakeholders and addressing any post meeting follow ups.

• Regulatory Briefings

• Prepare oversight briefing materials, which includes recommendations on approach/key themes, with speaking notes

• Coordinate follow up activities

• Internal Audit

• Ensure internal teams are prepared for Internal Audit activities

• Manage and socialize Internal Audit calendar

• Coordinate audits, including fulfillment and evaluation of responses and evidence provided

• Escalate potential issues before formal identification

• Ensure timely review and response to audit reports

• Oversee creation of new audit related deficiencies

• Serve as point for monthly continuous monitoring

• Program Management - Regulatory Program Compliance

• Ensure NY DFS program annual activities are completed, including the NY Branch assessment, surveys, with risks identified and actioned

• Ensure FFIEC/GLBA program activities are completed, including the annual assessment with risks identified and actioned

• Complete annual Regulatory Control Management activities

• Complete annual Regulatory Control Requirement Assessment

• Reporting

• Ensure overall CSO organization regulatory reporting dashboard is delivered

• Monitor relevant laws, regulations and standards to ensure organization’s security practices align with regulatory requirements. Create and distribute monthly regulatory development update reporting.

• Assist with creation of materials for Annual Cyber Security Board Review and Quarterly Board Risk Committee Meetings

• Creation of materials for various reporting committees and forums, including weekly status

• Creation of materials for various reporting committees and forums, including weekly reports, business unit reviews and horizontal reviews

• Projects

• Oversee or complete specific enterprise, US region or department initiatives

• General

• Build strong relationships with internal and external partners, seen by them as a trusted partner

• Complete ad hoc and urgent requests from internal and external partners, and recommend new controls to reduce risks

• Work closely with US TI&I Risk & Controls Team, Regulatory Affairs, Operational Risk Management (ORM) and Internal Audit as required.

• Teamwork and Relationship Building – Foster collaborative relationships with a wide range of stakeholders to identify opportunities to enhance Information Security processes and controls, understand pain-points and priorities, influence direction, solve problems, and ensure successful adoption and operation of policies and standards.

• Will be required to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology.

• Share governance best practices, based on regulatory and audit observations and feedback identified

• Provides ongoing advice and direction on a variety of complex conceptual or interpretative issues

• Perform regulatory controls as assigned control performer

• Implement continuous improvement areas

• Create and maintain procedural documentation

Knowledge & Skills:

• 10 years in Information Security, IT Risk Management, regulatory compliance or audit functions, within a US or Canadian bank (preferably at least 5 years in a leadership role)

• Deep knowledge of key information security domains including network security, IAM, data protection, vulnerability management, application security, etc.

• Awareness of emerging technologies and risks

• Proven track record of managing banking regulatory examinations (e.g. FRB) and state specific oversight (e.g. NYDFS)

• Demonstrated experience with FFIEC IT/Cyber Exam Handbook and GLBA Safeguards rule compliance.

• Strong understanding of control frameworks (e.g. NIST CSF)

• Ability to identify regulatory themes, assess control effectiveness and spot emerging gaps

• Hands on experience preparing and delivering materials for regulatory agencies and internal/external auditors.

• Skilled in exam logistics

• Ability to determine and draft formal regulatory responses to information security issues which are clear, defensible and aligned with the overall risk posture

• Experienced influencing and presenting to sr. leadership, boards and regulators

• Exceptional written and verbal communication skills, with the ability to translate technical requirements into clear actionable language for regulators and executives.

• Strong interpersonal skills to influence without direct authority

• Experience with GRC platforms (e.g. MetricStream,OneTrust, Archer)

• Certified professional with current Industry recognized certifications such as CISSP, CISM, CISA

• You see the big picture and operate strategically

• You act like an owner. You are action oriented, thriving when you're empowered to take initiative, go above and beyond, and deliver results.

• You have a passion for excellence, holding yourself and others accountable.

• You know that details matter. You notice and question things that others don’t. Your critical thinking skills help to inform your decision-making.

• You are a strong communicator, verbally and in writing, with the ability to flex to needs of executives and team members within and outside of US Information Security.

• You’re goal-oriented. You’re motivated by accomplishing individual and team based goals and consistently delivering your best to make a difference.

• You are a curious learner, staying current on industry trends.

• You challenge the status quo and have a passion for continuous improvement.

Work Environment: 2 days in office, 3 days remote

At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $160,000- $190,000 for the market based on experience, qualifications, and location of the position. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employee’s needs; including Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans, Paid Time Off (including Sick Leave, Parental Leave and Vacation), Holidays and 401(k), in addition to other special perks reserved for our team members.”

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact View email address on click.appcast.io

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

• We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

IL-70 W Madison St, 9th Fl

Employment Type

Regular

Weekly Hours

40

Skills

Analytical Thinking, Group Problem Solving, Information Security, Network Operations, Security Operations, Security Risk Assessment, Technical Knowledge

At CIBC, we are in business to help our clients, employees and shareholders achieve what is important to them. Our ability to create value for all CIBC stakeholders is driven by a business culture based on common values: Trust, Teamwork and Accountability.

Working with CIBC makes you a part of a work environment committed to our clients, employees and communities - a place where you can excel.

Every day, our 48,000 employees help our clients achieve their financial goals, because what matters to our clients, matters to us.