Director – Cyber & IT Risk

Company: Royal Bank of Canada
Location: Raleigh, NC, USA; New York, NY, USA; Minneapolis, MN, USA
Salary: $130,000 – $250,000
Type: Full-Time
Degrees: not specified
Experience Level: Expert or higher

Requirements

  • Minimum 10 years of experience in IT and cybersecurity risk management, compliance, audit, or related roles, preferably in a large, global financial services company.
  • Minimum 10 years of financial services industry experience, of which 5 years must include direct experience in IT Risk Management.
  • Proven leadership and program management skills to drive alignment across key business functions.
  • Deep understanding of risk frameworks and corporate/business policies and programs, and the ability to translate them into plans for the business, function and/or risk type.
  • Knowledge and understanding of regulatory and IT risk management policies, standards, and best practices in the financial services industry.
  • Proven experience in senior management or executive reporting with a strong emphasis on effective communication and presentation skills.
  • Strong interpersonal, influencing, and communications skills with an ability to interact effectively with stakeholders and regulators, and the ability to effectively manage and build relationships across RBC.
  • Proven leadership and project management skills to drive alignment across stakeholder groups and to develop and deliver repeatable end-to-end risk management solutions and controls aligned with the group’s processes.
  • Proficiency in risk management tools and in data analytics and presentation software such as Tableau, Microsoft Excel, and PowerPoint.
  • Strong problem-solving abilities and a strategic mindset.
  • Excellent people skills and relationship management skills with the ability to present information effectively, able to inspire trust and engage stakeholders at all levels.
  • Excellent analytical, communication, and presentation skills, with the ability to convey complex concepts to diverse audiences.

Responsibilities

  • Oversee the definition, communication, maintenance, and reporting of the CUSO (Combined U.S. Operations) 2LOD (second line of defense) Cyber & IT Risk Strategy and Roadmap.
  • Periodically monitor and maintain the CUSO 2LOD Cyber & IT Risk Operating Model, including reviewing roles and responsibilities.
  • Maintain the US Technology Risk Committee (TRC) Charter, set agenda for, and conduct the US TRC on a periodic basis with documented agenda, meeting minutes, and action item tracking.
  • Participate and contribute to risk metrics and risk appetite being developed by RBC Enterprise and ensure alignment with US risk reporting requirements.
  • Monitor and report, on an ongoing basis, CUSO Key Risk Indicators (KRIs) and CUSO Risk Appetite Measures (RAMs) against risk appetite thresholds.
  • Monitor and report on CUSO gaps in adherence to the Enterprise IT Risk Management framework and its associated policies and standards.
  • Collaborate with the peer risk functions: Third-Party Risk Management, Business Continuity Risk Management, Fraud and Payments Risk Management, and Information Risk Management.
  • Provide 2LOD CUSO cybersecurity and IT risk scenario input into the CUSO Operational Risk Scenario Analysis plan and support execution of risk scenario analysis.
  • Monitor and report on the status of CUSO 1LOD (first line of defense) aggregate risk issues, root cause analyses, action plans, and risk acceptances.
  • Review and analyze risk and control data from CUSO 1LOD activities to identify risk themes, correlations, systemic issues, and other risk intelligence; document and report on the results.
  • Engage with risk business platform leads to create and maintain the US Technology and Cyber Risk Profile for the CUSO.
  • Define, maintain, and execute CUSO 2LOD cybersecurity and IT risk procedures to periodically report on CUSO risk posture to senior management and risk committee(s).
  • Create, review, and communicate CUSO 2LOD aggregated risk metric and KRI reporting to senior management and risk committees, including the CUSO Operational Risk Committee (ORC), the Risk Management Committee (RMC), and the Risk Committee of the U.S. Board.
  • Support responses to inquiries and requests from the ORC, the RMC, and the CUSO Risk Committee of the Board.
  • Using enterprise risk tooling and metric definitions, produce reports on CUSO 2LOD cybersecurity and IT risk metrics, KRIs and RAMs.
  • Escalate CUSO cybersecurity and IT risks and incidents to the appropriate risk committee(s) in accordance with enterprise policies, standards, and guidelines.
  • Enhance CUSO risk reporting processes and procedures to align with enterprise strategic risk governance changes.
  • Support ongoing enhancements to risk monitoring and reporting processes as new KRIs become available.

Preferred Qualifications

    No preferred qualifications provided.