IT Security Risk Assessment Manager

Join to apply for the IT Security Risk Assessment Manager role at Butterfield Group Based in our Halifax office, the IT Security Risk Assessment Manager reports to the Deputy Chief Information Security Officer and is responsible for delivering and maintaining the Cyber Security Risk Assessment services function. They ensure we can detect application, cloud, and third‑party security threats and de‑risk these according to our appetite. Your responsibilities will include: Running the security risk assessment program for Information and Cyber Security (ICS), ensuring best practices and risk reduction. Ensuring the hybrid staffed/managed service operating model is appropriate to Butterfield’s size. Ensuring that utilized internal and third‑party services maintain service coverage at the right cost and quality. Defining meaningful key performance indicators and key risk indicators for measuring coverage and performance of Butterfield’s security risk assessment capabilities. Defining Service Level Agreements and monitoring the performance of security risk remediation within Butterfield Group. Undertaking annual SWIFT attestation testing and reporting effectiveness to the Group’s Chief Information Security Officer (CISO). Supporting the wider Cyber Risk Assurance function in control testing of key ICT controls. Helping with developing, implementing, and publishing information security standards and guidelines. Providing subject‑matter expertise and best practices on application, cloud, and third‑party security standards, while offering strategic and tactical guidance for IT projects, including evaluation and recommendation of technical controls. Providing responses to regulator and investor inquiries regarding Butterfield security risk assessment standards. Contributing to the program of continuous risk assessment and application vulnerability reviews, including coordinating all required fixes/changes assigned to the CISO. Guiding relevant senior management and business units in developing, implementing, and maintaining information security. Aiding peer managers in understanding and responding to security audit failures reported by internal and external auditing departments. Designing the technology, processes, functions, and services required by an application security testing or security risk assessment team to stay ahead of threats, vulnerabilities, breaches, or deficiencies. Developing and implementing procedural changes given incident trends, market practice, and legislative changes to reduce risk. Applying application security procedures as part of new IT project implementations. Your qualifications and skills include: Five or more years of experience in Information Technology Security. Proven experience working within Application Security and Security Risk Assessment teams. Knowledge of legislation related to Information Security. Strong interpersonal and communication skills. Deep knowledge of Application Security Testing technologies and how to approach security risk assessments. Why Butterfield? Butterfield is a leading, independent offshore bank and trust company. With more than 1,300 financial services professionals across ten international jurisdictions, our experience is enhanced by robust learning and development opportunities, comprehensive benefits, and a respectful environment that values diversity. Guided by our core values—approachable, collaborative, empowered, and impactful—we empower individuals to achieve their potential and make a positive impact on our business, clients, and communities. Visit to view all opportunities and apply via our careers portal. Closing Date January 8, 2026 Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology Industry Banking Referrals increase your chances of interviewing at Butterfield Group by 2x Get notified about new Information Technology Security Specialist jobs in Halifax, Nova Scotia, Canada . #J-18808-Ljbffr