Director, Cyber

**What you’ll do**

The Director should possess superior communication and judgement skills to facilitate accurate cyber and technology risk assessments and mitigation options while developing relationships and working collaboratively with many stakeholders including the various business units, cyber security, technology teams, and internal audit. The Director will also instill a risk and control discipline and risk-aware culture through education, consultation, and the development of risk management capabilities across key teams.
- Provides technical leadership and guidance, security consulting and risk oversight to first line operational and project teams across the Bank.
- Educates and instills a risk aware cyber security culture across the organization.
- Develops and facilitates the implementation of cyber and technology risk management processes and capabilities to protect the organization’s critical information assets and systems.
- Facilitates the cyber and technology risk assessment process across numerous stakeholders, ensuring risks are adequately assessed, risk reduction and mitigation strategies are employed, and risk governance and approval procedures are followed.
- Detects and mitigates cyber and technology risks that are significant and critical-level impacts to the organization, thereby preventing potential cyber attack scenarios and significant losses from occurring. Facilitates and provides guidance for cyber and technology related scenario analysis exercises.
- Reviews and advises on the cyber and technology security design and associated risks and mitigation approaches for third parties and all new initiatives. Monitors and challenges the first line of defence activities related to the risk assessments for third party service providers.
- Provides a layer of independent challenge of cyber risk through targeted independent assessments of current cyber security and technology practices, initiatives, and strategies.
- Oversees and enhances the measurement framework for cyber key risk metrics, and defines tolerance limits based on risk appetite, business needs, industry standards, and regulatory expectations.
- Reviews and provides guidance on changes to policies and supporting standards and guidelines.
- Collaborates and develops strong relationships with the CTC Cyber Security and CTB IT Risk Governance & Security teams.
- Partners with technology and business stakeholders to assess the effectiveness of current business continuity planning and disaster recovery providing recommendations and influencing as required.
- Stays abreast and opines on emerging security threats, technology advancements, risk management trends, industry trends and possible implications for the Bank.

**What you bring**
- Advanced knowledge in IT, cyber risk management, business resiliency, network management/architecture, vendor risk management, vulnerability management, information security, and data protection/management (other related domains considered an asset).
- 10+ years progressive management experience in cyber and/or technology security risk management experience ideally at another Canadian financial institution.
- Relevant work experience in Information Technology and in cyber security frameworks such as those published by guiding organizations (NIST, SANS, ISO). Ability to translate framework to practical advice, assessment, and analysis.
- Knowledge of governance, risk, and compliance frameworks such as ITIL, NIST, COSO, COBIT, etc.
- Strong ethical principles and understanding of business and information security ethics.
- At least one of these certifications would be desirable: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP
- Solid knowledge of network technologies, hardware platforms and operating systems.
- Solid understanding of security requirements through an entire technology stack.
- Good knowledge of applicable data privacy practices.
- Effective at breaking down complex problems to a level that work groups can own, translating technology information as appropriate to drive effective decision making.
- Influences through seasoned communication and negotiation skills, strong collaboration, and relationship-building skills.
- Provides technical consultation at all levels across the organization as a sought-out expert in multiple technical domains.
- Ability to inspire, remove roadblocks, and coach technical stakeholders.

**Hybrid**

We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.

**About Us**

At Canadian Tire Services Limited/Canadian Tire Bank, it is our mandate to continue to create innovative and rewarding financial solutions for our customers. Our growing suite of products and services showcase the dynamic contributions from our employees and our success is driven by a