Director, Technology Risk Assessment and Reporting

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit

What you'll be doing

The Director, Technology Risk Assessment and Reporting is a seasoned professional responsible for fulfilling CIBC’s second line of defence in the management of technology risk policy and assessment activities across the organization. The role works closely with the first line of defence, internal and external auditors, regulators, and other stakeholders to ensure that the technology risk policies, standards, and controls are aligned with the global regulatory frameworks and best practices and exceptions and gaps are appropriately managed. The role will manage an annual risk review of technology IT service management capabilities, working with external and enterprise internal stakeholders, using an industry framework and internal data and tools to produce a risk based assessment of maturity, to be reported to senior leadership. The Director will provide oversight and consultation to regional technology stakeholders, to provide review and challenge of capabilities as well as provide insights into an enterprise view of technology risk. The role will bring the benefit of expertise in technology emerging and established practices, to provide independent challenge and oversight for technology team activities, including review of change initiatives, risk and control self-assessment and deficiency identification and mitigation. The role will be involved in technology incident management and reporting and quarterly risk monitoring and reporting to senior committees and the board.
- At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote. Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview._

How you’ll succeed- Risk management: The Director, Technology Risk Assessment and Reporting will conduct and coordinate an annual risk review of technology capabilities against a standard industry framework, using operational risk identification and measurement tools and data to form an independent view of technology risks and perform effective challenge. The annual program will be coordinated with internal and external stakeholders and culminate in annual reporting to senior leadership. Taking a business unit oversight view, the Director will conduct independent assessment of assigned business lines on activities such as projects (CIRAs), risk and controls self-assessments (RCSAs), Operational Incidents, control, deficiency and deviation risks monitoring, RAS and KRI development and monitoring, etc. using operational risk tools and processes. The Director leverages strong data and analytical skills to perform detailed research to produce risk insights on current and emerging technologies for distribution to various internal audiences. Impactful and insightful risk reporting is produced for presentation to senior leaders within CIBC.- Technical expertise - Brings instant credibility by skillfully leveraging strong breadth of technology experience and depth of knowledge in key technology domains, including but not limited to areas such as cloud computing, containerization, IT service management, IT Asset management, development practices (DevOps, Agile), to review risks and controls of the business lines and drive positive risk management outcomes. The Director is relied upon for deep expertise in specific domains and industry best practices to support the risk activities across the team (e.g. Technology Scorecard assessments, Technology Risk Management policy maintenance) operating in a matrix style team. Industry recognized technology certifications in their Subject Matter Expertise are preferred such as ITIL, CISM etc.- Effective communications - Demonstrates clarity of thought and fluency in both written and verbal communications and develops and delivers strong reporting content, presentations and assessment summaries on an ongoing basis for senior audiences and risk committees up to and including the Board.- Advisory - Maintains an industry view of the broad technology landscape, understand best practice and performance benchmarks and monitor emerging technology trends. Provides guidance on the management of technology risk when consulted, including risk mitigation strategies. Performs regulatory compliance Oversight Function (OF) accountabilities, monitoring the regulatory landscape for changes in legislation and