Director, Technology Risk Policy

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit

What you’ll be doing

The Director, Technology Risk Policy and Assessments is a seasoned professional responsible for fulfilling CIBC’s second line of defense in the management of technology risk policy and assessment activities across the organization. The role works closely with the first line of defense, internal and external auditors, regulators, and other stakeholders to ensure that the technology risk policies, standards, and controls are aligned with the global regulatory frameworks and best practices and exceptions and gaps are appropriately managed. The role will also provide oversight and consultation to internal stakeholders on risk mitigating controls and best practices for technology service management capabilities, such as Incident, Problem, Change, Service Continuity Management and IT Asset Management. The role will provide independent challenge and oversight for technology team activities, including review of change initiatives, risk and control self-assessment and deficiency identification and mitigation. The role will be involved in technology incident management and reporting, policy updates, and quarterly risk monitoring and reporting to senior committees and the board.
- At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote. Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview._

How you’ll succeed- Effective Leadership - As a people leader, the Director, Technology Risk Policy and Assessments will provide leadership and effective management of business unit staff to influence employee commitment to the organization and to the team.- Risk management: Ongoing review of operational practices, risk assessments, controls, deficiencies, metrics, and other relevant information to form an independent view of technology risks and perform effective challenge. A risk-based approach is leveraged to understand and manage risk of technology-related activities to ensure alignment to operational risk management policies and framework and CIBC risk appetite. In alignment with GORM’s operational risk management program and practices, this includes independent assessment of business lines on activities such as technology risk reviews via the technology scorecard, maintenance and monitoring of compliance to the Technology Risk Management Policy, projects (CIRAs), risk and controls self-assessments (RCSAs), Operational Incidents, control, deficiency and deviation risks monitoring, RAS and KRI development and monitoring, etc. using operational risk tools and processes. The Director leverages strong data and analytical skills to perform detailed research to produce risk insights on current and emerging technologies for distribution to various internal audiences. Impactful and insightful risk reporting is produced for presentation to senior leaders within CIBC.- Technical expertise - Brings instant credibility by skillfully leveraging strong breadth of technology experience and depth of knowledge in key technology domains, including but not limited to areas such as cloud computing, containerization, IT service management, IT Asset management, development practices (DevOps, Agile), to review risks and controls of the business lines and drive positive risk management outcomes. The Director is relied upon for deep expertise in specific domains and industry best practices to support the risk activities across the team (e.g. Technology Scorecard assessments, Technology Risk Management policy maintenance) operating in a matrix style team. Industry recognized technology certifications in their Subject Matter Expertise are preferred such as ITIL, CISM etc.- Effective communications - Demonstrates clarity of thought and fluency in both written and verbal communications and develops and delivers strong reporting content, presentations and assessment summaries on an ongoing basis for senior audiences and risk committees up to and including the Board.- Advisory - Maintains an industry view of the broad technology landscape, understand best practice and performance benchmarks and monitor emerging technology trends. Provides guidance on the management of technology risk when consulted, including risk mitigation strategies. Performs regulatory compliance Oversight Function (OF) accountabilities, monitoring the regulatory landscape