CIBC
Sr. Manager Information Security Governance
“Sr. Manager Information Security Governance at Cibc. Skills: Information Security, Regulatory compliance, Risk management, Audit. Protect bank's regulatory standing. Ensure compliance and exam readiness”
What You'll Achieve.
Ensure compliance and exam readiness; Deliver regulatory reporting dashboard; Ensure security practices align with regulatory requirements
Industry & Context.
Group Problem Solving; Analytical Thinking; Critical thinking skills help to inform your decision-making
2 days in office, 3 days remote
What They're Looking For.
Must Have
10 years in Information Security, IT Risk Management, regulatory compliance or audit functions
At least 5 years in a leadership role
Proven track record of managing banking regulatory examinations, state specific oversight
Demonstrated experience with FFIEC IT/Cyber Exam Handbook and GLBA Safeguards Rule compliance
Hands-on experience preparing and delivering materials for regulatory agencies and internal/external auditors
Skilled in exam logistics
Ability to determine and draft formal regulatory responses
Experienced influencing and presenting to sr. leadership, boards and regulators
Exceptional written and verbal communication skills, interpersonal skills to influence without direct authority
Certified professional with current industry recognized certifications such as CISSP, CISM, CISA
Legally eligible to work at the location(s) specified
Nice to Have
in a US or Canadian bank, GRC platforms (e.g. MetricStream, OneTrust, Archer)
What You'll Do.
Protect bank's regulatory standing
Ensure compliance and exam readiness
Manage regulatory risk
Provide regulatory support
Provide internal audit support
Manage regulatory program compliance
Perform/oversee assessments
Monitor regulatory changes
Provide regulatory reporting
Ensure timely reporting
Support Operational Resilience
Support Third Party Governance
Support Physical Security
Manage end to end exam
Ensure exam readiness
Review and suggest approach
Coordinate response and evidence collection
Evaluate and question responses
Align on strategic messaging
Present to sr. leadership
Engage in regulatory remediation
Analyze regulatory feedback
Suggest recommended action
Coordinate and evaluate responses
Perform remediation actions
Prepare regulatory update decks
Create speaking notes
Ensure messaging alignment
Address post meeting follow ups
Prepare oversight briefing materials
Coordinate follow up activities
Ensure internal teams prepared for Internal Audit
Manage and socialize Internal Audit calendar
Fulfill and evaluate responses
Escalate potential issues
Ensure timely review and response
Oversee creation of new audit deficiencies
Serve as point for continuous monitoring
Ensure NY DFS program annual activities completed
Ensure FFIEC/GLBA program activities completed
Complete annual Regulatory Control Management activities
Complete annual Regulatory Control Requirement Assessment
Ensure CSO organization regulatory reporting dashboard delivered
Create and distribute monthly regulatory development update reporting
Assist with creation of materials for Annual Cyber Security Board Review
Assist with creation of materials for Quarterly Board Risk Committee Meetings
Create materials for various reporting committees
Oversee or complete enterprise initiatives
Build relationships with internal and external partners
Recommend new controls to reduce risks
Work closely with US TI&I Risk & Controls Team
Work closely with Regulatory Affairs
Work closely with Operational Risk Management (ORM)
Work closely with Internal Audit
Foster collaborative relationships
Identify opportunities to enhance Information Security processes
Understand pain-points and priorities
Ensure successful adoption and operation of policies
Foster relationships with middle to senior management
Foster relationships with senior executives
Share governance best practices
Provide ongoing advice and direction
Perform regulatory controls
Implement continuous improvement areas
Create and maintain procedural documentation
How You'll Work.
Team & Collaboration
Build relationships with internal and external partners; Foster collaborative relationships with a wide range of stakeholders; Work closely with US TI&I Risk & Controls Team, Regulatory Affairs, Operational Risk Management (ORM) and Internal Audit
Communication Scope
Exceptional written and verbal communication skills; ability to translate technical requirements into clear actionable language; interpersonal skills to influence without direct authority
Process & Methodology
End to end exam management, Program Management, Oversee or complete specific enterprise, US region or department initiatives
Full Job Description
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit [CIBC.com](https://www.cibc.com/en/about-cibc.html).

Protect the bank’s regulatory standing by ensuring compliance and exam readiness and managing regulatory risk. This is a high visibility/high impact role. There are 3 primary components of the role: regulatory support, internal audit support and regulatory program compliance. The Sr Manager, Information Security Regulatory & Exam is responsible for regulatory exam support, quarterly regulatory briefings and ad hoc regulator asks. You will also support Internal Audit activities. You will also be responsible for overall regulatory compliance, including regulatory compliance program ownership (e.g. NY-DFS, GLBA, FFIEC), performing/overseeing assessments, monitoring regulatory changes and recommending action. Provide regulatory reporting requirements and ensure timely, accurate and message-appropriate reporting. Support may also include other teams under the Chief Security Office, including but not limited to Fraud, Operational Resilience, Third Party Governance & Physical Security. This is a hands-on role with prep, coordination, direct activity ownership and oversight.

**_KEY ACCOUNTABILITIES_**

* Regulatory Exams
* End to end exam management
* Ensure regulatory exam readiness
* Review and suggest approach (responses, evidence) to regulatory exam letters
* Coordinate response and evidence collection (which may include direct response/fulfillment), evaluating and questioning, aligning on strategic messaging, presenting to sr. leadership to align on audit ready responses
* Regulatory Remediation
* Acti