Director – Cyber and IT Risk Framework Policy and Standards

Company: Royal Bank of Canada
Location: Toronto, ON, Canada
Salary: Not Provided
Type: Full-Time
Degrees
Experience Level: Senior, Expert or higher

Requirements

  • Minimum of 8 years IT experience
  • Minimum of 5 years experience in a broad range of the Information Security services (e.g. security planning & development, working with global security groups, security incidents)
  • Minimum 5 years technology operational experience
  • Proven experience defining and implementing Cyber and Technology policies, standards and procedures across multiple platforms, with compliance checks
  • Proven experience facilitating constructive debates that generate feedback, collaboration and value-added results

Responsibilities

  • Provide primary and comprehensive advisory on RBC’s security framework, policies, standards and guidelines to a complex level, and ensure their effective development.
  • Contribute to the development of IT Risk governance frameworks, policies and standards by leveraging existing frameworks and approaches.
  • Manage and maintain the Cyber & Technology Governance Roadmap and the supporting pipeline and schedule of policy and standards development, updates, and refreshes, ensuring that policies and standards are reviewed and updated in a timely manner.
  • Maintain the repository of assigned Frameworks, policies, standards, guidelines, glossaries, and regional addendums.
  • Work with the regional representatives to: coordinate the scanning for regulatory changes, maintain the Regulatory Intelligence repository, and facilitate the completion of gap analysis against our policies and standards.
  • Maintain a supportable opinion on RBC’s risk and effectiveness of our policies and standards using analytics, review of IT Issues, Control effectiveness reviews, Key Risk Indicators and assessments as required.
  • Support the handling of questions pertaining to cyber and technology policies and standards from regulators and 3rd parties.
  • Maintain assigned Cyber and IT Risk Governance Domain profiles to provide a strong fact-based opinion on the associated IT Risk.
  • Deliver presentations and updates to key business/T&O stakeholders.
  • Provide timely insight to business and technology partners on risk and controls, to ensure effective responses and no surprises.

Preferred Qualifications

    No preferred qualifications provided.