Endpoint Security Risk

Job Description The Endpoint Security Risk & Compliance Lead will be responsible for risk management, audit, and regulatory compliance activities for the Endpoint Security team. They will partner closely with technical Endpoint Security teams, Security Risk teams, and auditors to help ensure compliance with relevant regulations and industry standards. The lead will also drive the development and maintenance of reporting to ensure transparency and accountability for overall compliance with business and governance activities, including the development and implementation of policies, procedures, and controls to maintain the highest level of endpoint security risk management and compliance. What will you do? Stakeholder Collaboration: Work closely with endpoint security teams, IT operations, and risk partners to understand security controls and processes and manage risks. Audit & Regulatory Engagement Leadership: Champion audit, regulatory, and key control engagements with support from technical teams to drive accurate and meaningful responses for evaluators while also identifying areas for learning and improvement. Risk Management: Own primary accountability for endpoint security risk management across endpoint security products. Capturing risks, tracking risks through their lifecycle, and supporting technical teams driving towards remediation. Reporting & Remediation: Drive the development, distribution, and maintenance of meaningful reporting for key governance and compliance metrics relating to endpoint security (e.g., patching, certificate management, and password rotations). Supplier Management Governance: Manage regular reviews of endpoint security technology solutions relating to supplier and data risk, model risk, and exit strategies. What do you need to succeed? Must-have Excellent leadership and collaboration skills: The ability to collaborate with various stakeholders, including endpoint security teams, IT operations, and risk partners, is crucial for success in this role. The candidate must understand, speak, and write in both technical and simplified language, translating technical concepts between various audiences and partner teams including communications to auditor or regulator audiences. Audit and regulatory compliance expertise: Experience with audit and regulatory engagements, including knowledge of relevant laws, regulations, and industry standards (e.g., NIST, SWIFT, PCI-DSS, GDPR), is essential for this position. Strong understanding of security risk management frameworks: The ideal candidate should have in-depth knowledge of security best practices, risk management principles, and industry-recognized security frameworks. Experience with reporting and metrics ownership: The ability to develop and maintain meaningful reports and metrics to measure endpoint security governance and compliance is critical for this role. Nice-to-have Certifications in information security (e.g., CISSP, CCSP, CRISC, CIAM, ITIL) Previous work experience within the Finance or Insurance sector or other large enterprise industry Understanding of security technologies such as anti-virus, data monitoring and protection, cryptography, identity and access management, and vulnerability scanning technologies Knowledge of enterprise environments including IT ecosystems, software networks, traditional on-premise infrastructure and cloud platforms (AWS, Azure, GCP) Experience with agile methodologies and tools, such as Jira or Azure DevOps, for backlog management and sprint planning What is in it for you? We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual. A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable. Leaders who support your development through coaching and managing opportunities. Ability to make a difference and lasting impact. Work in a dynamic, collaborative, progressive, and high-performing team. A world-class training program in financial services. Opportunities to do challenging work. Job Skills Confidentiality, Cyber Security Management, Decision Making, Detail-Oriented, Encryption Software, Group Problem Solving, High Impact Communication, Information Security Management, Information Technology Security, Strategic Thinking Additional Job Details Address: 16 YORK ST:TORONTO City: Toronto Country: Canada Work hours/week: 37.5 Employment Type: Full time Platform: TECHNOLOGY AND OPERATIONS Job Type: Regular Pay Type: Salaried Posted Date: Application Deadline: We care about inclusion and Equal Opportunity Employment At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all. Join our Talent Community Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you. Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com. RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail. #J-18808-Ljbffr