Cyber Security Risk Director

Description You will be working on a flexible hybrid schedule as part of Fidelity’s dynamic working arrangement.Who We AreAt Fidelity, we’ve been helping Canadian investors build better financial futures for over 35 years. We offer individuals and institutions a range of trusted investment portfolios and services - and we’re constantly seeking to find new and better ways to help our clients. As a privately owned company, we boldly embrace innovation in all areas as we continue to grow our business into the future.Working with us means you’ll be part of a diverse and dedicated group of people who make a real difference for our clients and communities every day. You’ll have a wide range of opportunities to grow and develop your career in an inclusive environment where you’ll feel valued and supported to be your best - both personally and expertly.What You Will DoThe Cyber Security Risk Director is a leadership position responsible for leading the development of Fidelity Canada’s cyber security risk posture as part of the second line of defense. This role ensures that cyber security risks are effectively identified, assessed, mitigated, and monitored across Fidelity Canada (Fidelity Clearing Canada (FCC), Fidelity Investments Canada (FIC) and Fidelity Canada Institutional Management (FCIM)). The Director will be a certified subject matter expert in cyber security risk who provides strategic advisory support in the development and maintenance of a comprehensive cyber security risk framework and will work closely with key stakeholders to enhance the organization’s resilience against emerging threats.The Director will collaborate with key stakeholders in Information Security, Enterprise Risk, Technology Risk, and other relevant functional stakeholders across Fidelity Canada, Fidelity International Limited (FIL) and Fidelity Management & Research Company (FMR) to ensure cohesive and effective cyber security risk management. This role is responsible for advancing and safeguarding Fidelity Canada’s reputation and operational effectiveness through the continuous enhancement of its cyber security risk posture.Key responsibilities include:Oversight and accountability of the cyber security risk framework and methodologies, conducting both planned and ad-hoc technical risk reviews, evaluating technology and business initiatives with cyber security implicationsRepresent Fidelity Canada on FIL cyber governance committeesLead the development of Fidelity Canada’s Cyber Risk Oversight ProgramDesign, implement, and maintain a comprehensive cybersecurity risk oversight program supported by well-defined policies that align with enterprise risk appetite, regulatory requirements, and industry standardsIdentify and assess cybersecurity risks and advise business units and Information Security stakeholders on risk issues to ensure awareness and accountability for cybersecurity risks.Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the risk profile, while ensuring a sound operational control environment through establishment of effective internal controls.Perform review and challenge of first line of defense cyber risk management processes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and communicate risk opinions at various levels of management.Advise on remediation strategies of any inconsistencies and gaps identified through independent assessments of key cybersecurity processes.Provides second line of defense leadership and subject matter expertise during response to major cyber incidents including cyber-security related privacy events and coordinate second line of defense engagement and response.Develop and provide regular reporting to senior management committees across Fidelity .Responsible for ownership of relationships with external cyber security risk expertsEnsure all activities and deliverables achieve their timeliness, quality, and accuracy service levels.What We Are Looking For:Completed University Degree or equivalent work experience7+ years of related work experience, in which a subset is practical experience in multiple areas of cyber risk and 5+ years of experience at the management levelExperience with developing and implementing cybersecurity risk oversight programs in the financial services sector, preferably in a 2nd or 3rd line of defenseKnowledge of current and evolving regulatory requirements, current trends in cyber threats/vulnerabilitiesAdvanced knowledge of cyber risk management best practices and how to implement themExperience with risk frameworks and standards such as NIST CSF and ISO 27001Experience in Cybersecurity risk consulting in the financial services sector, Cyber security audit or in a similar second line of defense role is an assetProficiency with the COBIT risk framework is considered advantageousProfessional Certifications in Cybersecurity, such as CRISC (ISACA), CISM (ISACA), CISA (ISACA), CISSP (ISC²), and CCSP (ISC²)The Skills You BringDemonstrated leadership skills and ability to lead oversight activities across different teamsA keen sense of risk anticipation with attention to details and ability to challenge status quoAbility to build relationships, influencing and negotiating across diverse stakeholders across the lines of defense, including senior managementExcellent written and oral communication skillsUnderstanding of systems architectureExcellent analytical, organizational and project management skills.Strong risk, process, and control validation and/or assessment skillsCurrent work authorization for Canada is required for all openings.Some of the ways we’ll help you feel valued and supported as part of our team:Flexible working arrangements - 100% remote, hybrid, and in office optionsCompetitive total compensation, including company contributions to your group RRSP without a matching requirement from youComprehensive health benefits that start on your first day, with 100% employer-paid premiums, that include up to $5000 annually for mental health services and therapyParental leave top-up to 100% of your salary for a period of 25 weeksUp to $650 for home office equipmentGenerous time off policy, including 2 paid days annually to volunteer at a charity of your choiceDiversity and inclusion programs, including an active network of Employee Resource GroupsExtensive professional development opportunities, including access to over 11,000 training and development courses, tuition reimbursement, and monetary rewards for completing a required designation We care a lot about fostering a compassionate, people-centric culture, and are proud to have been named one of Canada’s Top 100 employers for the last five years.