senior cybersecurity risk manager
cibc
Total years of experience :7 years, 6 Months
• Partner with technology teams and business leaders to identify, assess and challenge operational risks for Technology, Cloud, Cybersecurity, Data security, BCP and Disaster Recovery .
• Translate risk requirements into security controls and accountable for Capital Market Technology and Cybersecurity risks.
• Engage with solution architects and engineers to define Technology and security requirements and controls for data at rest ie. (data encryptions), data in transit ie. (TLS, VPN, HTTPS), data classifications, Cloud security and containerization, Identity, and access controls (MFA, PAM, SSO, least privilege), and security monitoring.
• Perform risk assessments for third party risks and make sure controls are aligned with Bank security policy and risk appetite.
• Perform challenge on Risks identification and assessment part of RCSA (Risk Control Self Assessment) annual practices.
• Monitor and manage Tech and Cyber Incidents, review Post Implementation Reports, prepare and assess Incidents Risks reports to OSFI.
• Participate in Incidents PIR meetings to challenge on technology and Cyber risks, Incidents impacts and mitigation and controls.
• Act as the key representative in response to internal/external auditors and regulators.
• Participate to update and recommend changes to Cyber & IT Risk policies/standards.
• Stay up to date on cyber threats/vulnerabilities and emerging technologies and potential implications to the bank.
• Participate in scenario analysis including ransomware attacks for Business, Clients and third parties’ scenarios.
• Work closely with organization leaders, stakeholders, and operational risk teams to define policies and processes.
• Manage vulnerability scanning and remediation projects and work closely with test teams to advice on risks and testing process.
• Provided oversight and challenge on first line of defense on mitigation controls implementations for projects/ changes.
• Worked with Technology SMEs and executives to ensure security controls for identified risks will be implemented before going- live.
• Reported and monitored on Cyber, Cloud and Technology Risks in technology projects, business projects, regulatory requirements and Third party.
• Advised on security requirements, policies, standards, and procedures to business and internal stakeholders for new projects.
• Developed operational processes and producers to execute Risk assessment and engagement models.
• Technology and Cyber incident risk analysis and operational risk event monitoring, escalation and tracking of remediation efforts.
• Prepared risk dashboards and risk-related presentations for executive's review.
• Leveraged Archer initiatives through documentation of requirements, process flows to assess and information risks.
• Influenced and negotiated with first lines and second lines to meet IRM requirements and timelines.
• Actively engaged to solve problems and automate Risk Assessment systems.
Key Projects:
• Identified and Assessed Cyber, Data, Resiliency risks for Enterprise Datawarehouse migration to Azure Cloud.
• Identified and Assessed Cyber, Data, Resiliency risks and necessary controls for DCJ migration to Cloud.
• Defined projects requirements aligned priorities and resolved conflicts between projects and aligned tasks between project managers.
• Planned and executed projects with a high level of complexity and unknowns including, manage project scope, requirement changes and priorities.
• Built strong relationships with business partners and developed a deep understanding of their objectives and expectations.
• Worked with application teams and business owners to design Infrastructure solutions and worked closely with other stakeholders e.g., IT engineers, compliance, finance, privacy, sourcing, as required and get their buy-In
• Build strong team relationships by leading, coaching, and motivating team members and identifying and resolving blockers or conflicts.
• Collaborate with business partners, executives, and technical teams to deliver quality solutions to business.
• Proactively identify risks and issues using appropriate assumptions and develop strategies and mitigation plans, regular risk management and tracking by RAID log, follow risk management process to identify risks and control gaps to response to risks.
• Managing all project communications including steering committee presentations, status reports to executives, stakeholders, business units, vendors, project team, etc.
• Co-ordinate Post Implementation Verification testing with the Business contacts
• Identify operational gaps and recommend process improvements.
• Manage projects budget estimate and expenses.
Key Projects:
• Led multiple TD Offices exit projects on annual basis to decommission IT technologies including (Wireless, LAN rooms, Audio/Video devices, telephony platforms, Workstations, Servers) and managed multiple teams of stakeholders and SMEs to vacate floors of TD premises. Approximate budget 500K per building
• Managed video conference upgrade of TD board of directors' offices during design and deployment phase, approx. budget 1, 8 M
• Managed multiple Audio Video upgrades, VOIP phones upgrades and Wi-Fi upgrades projects in annual and quarterly basis
• Managed Canvas application and Infrastructure deployment for new TD Cybersecurity operation center with team of +10 IT SMEs, Business, and vendors with restricted timeline.
• Managed IT-Real Estate technology projects and delivered IT Infrastructure (Wi-Fi upgrade, VOIP phones upgrade, Audio/Video upgrade, Network capacity upgrade and Workstations equipment) for 1000 TD employees.
• Software currency upgrade upgrades across TD Contact Center and IT Real Estate (VIM upgrade and Telepresence Management Software upgrade)
URL removed due to policy violation. Please contact support for further information.