CIBC US
Cyber and Technology Operational Risk Manager
CIBC US, Chicago, Illinois, United States, 60290
Cyber and Technology Operational Risk Manager
Join to apply for the
Cyber and Technology Operational Risk Manager
role at
CIBC US
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit CIBC.com.
What You’ll Be Doing The US Operational Technology and Cyber Risk Manager acts as a second line of defense in ensuring that the bank’s technology and cybersecurity operational risk and control frameworks, policies, standards and procedures are understood and used effectively to manage operational risk. As the Risk Manager in the second line of defense risk management function, you will provide expert oversight and support for the identification, measurement, mitigation, monitoring, and reporting of cyber and technology risk across CIBC US region. You will collaborate closely with information security, technology, and risk partners to ensure a consistent, integrated approach to risk management. At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 3 days per week on-site, while other days will be remote.
How You’ll Succeed
Risk Management & Portfolio Oversight – Review operational practices, risk assessments, controls, deficiencies, metrics and other relevant information to form an independent view of cyber risks and perform effective challenges. Apply a risk-based approach to assess and manage risks related to information/cyber security, ensuring alignment with operational risk management policies, the CIBC risk appetite, and specific risk tolerances. Conduct independent assessments of business lines and initiatives, such as projects, risk and control self-assessments and incidents, using established operational risk tools and processes. Leverage strong data and analytical skills to conduct detailed research, generate actionable risk insights, and document findings for distribution to various internal audiences. Prepare high-quality, impactful risk reporting and portfolio-level insights for senior operational risk management leadership and committees.
Technical & Analytical Expertise – Bring credibility and influence by leveraging your broad technology experience and deep risk expertise in areas such as cloud, network, cybersecurity, DevOps, vulnerability management and IT service management to assess and challenge risks and controls across technology and business lines. Support risk activities across the team, including incident management, deficiency management, risk reviews and risk assessments, operating within a matrix team environment, and driving continuous improvement in risk management methodologies.
Advisory & Continuous Improvement – Maintain a forward‑looking, industry‑informed view of the technology and cyber risk landscape, staying current with best practices, performance benchmarks and emerging trends. Provide expert guidance on the management and mitigation of cyber risks and contribute to the continuous enhancement of operational risk management methodologies and practices.
Collaboration & Relationship Building – Leverage effective communication and people skills to build and sustain trusted internal relationships, positioning yourself as a valued partner who provides sound risk guidance and demonstrates a deep understanding of both the business and technology environments. Collaborate closely with information security, technology, risk and business partners to ensure a consistent and integrated approach to risk management.
Risk Culture – Promote a culture of risk awareness and the importance of robust operational and cyber risk management practices. Ensure operational risk policies, processes and continuous improvement initiatives are effectively communicated.
Who You Are
You bring broad expertise in cyber and technology risk. You have demonstrated experience across IT service management, cybersecurity and associated industry frameworks and regulations. You are adept at managing risk across multiple domains, including technology infrastructure, application delivery, architecture, IT asset management and cybersecurity.
You possess a Bachelor’s degree preferably in technology and/or information security, management, risk or business.
You have 7+ years of relevant technology and information security risk work experience in the financial industry. Large financial institution or large foreign banking organization second line of defense experience is preferred.
You possess technical acumen and a continuous improvement mindset. You have technical experience in areas such as cloud, Agile/DevOps, automation and industry‑recognized certifications (e.g., CISA, CISSP, Microsoft Certified: Cybersecurity Architect Expert) are considered valuable assets.
You have a solid understanding of NIST Cybersecurity Framework, ITIL and related IT topics covered by Federal Financial Institutions Examination Council (FFIEC) handbooks.
You actively contribute to the enhancement of risk management methodologies and are always seeking opportunities to innovate and improve.
You are data‑driven and insightful. You enjoy investigating complex problems, leveraging strong analytical skills to extract insights from data and translate findings into actionable recommendations for risk mitigation and reporting.
You are a collaborative partner and effective communicator. You excel at building strong working relationships and collaborating with diverse stakeholders in a dynamic, fast‑paced environment. You work seamlessly with technology, information security and risk partners to drive integrated and consistent risk management.
Benefits At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $90,000–$130,000 for the market based on experience, qualifications and location of the position. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employees’ needs, including medical, dental, vision, health savings account, life insurance, disability and other insurance plans, paid time off (including sick leave, parental leave and vacation), holidays and 401(k), in addition to other special perks reserved for our team members. This position does not offer visa sponsorship.
What You Need To Know
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com.
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
We may ask you to complete an attribute‑based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.
Expected End Date: 2026‑01‑30
Job Location: IL‑120 S LaSalle St
Employment Type: Regular (Full‑time) – 40 hours per week
Skills: Analytical Thinking, Continuous Improvement Techniques, Control Frameworks, Decision Making, Emerging Risks, Group Problem Solving, Operation Risk Management, Risk Assessments, Risk Monitoring
#J-18808-Ljbffr
Cyber and Technology Operational Risk Manager
role at
CIBC US
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit CIBC.com.
What You’ll Be Doing The US Operational Technology and Cyber Risk Manager acts as a second line of defense in ensuring that the bank’s technology and cybersecurity operational risk and control frameworks, policies, standards and procedures are understood and used effectively to manage operational risk. As the Risk Manager in the second line of defense risk management function, you will provide expert oversight and support for the identification, measurement, mitigation, monitoring, and reporting of cyber and technology risk across CIBC US region. You will collaborate closely with information security, technology, and risk partners to ensure a consistent, integrated approach to risk management. At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 3 days per week on-site, while other days will be remote.
How You’ll Succeed
Risk Management & Portfolio Oversight – Review operational practices, risk assessments, controls, deficiencies, metrics and other relevant information to form an independent view of cyber risks and perform effective challenges. Apply a risk-based approach to assess and manage risks related to information/cyber security, ensuring alignment with operational risk management policies, the CIBC risk appetite, and specific risk tolerances. Conduct independent assessments of business lines and initiatives, such as projects, risk and control self-assessments and incidents, using established operational risk tools and processes. Leverage strong data and analytical skills to conduct detailed research, generate actionable risk insights, and document findings for distribution to various internal audiences. Prepare high-quality, impactful risk reporting and portfolio-level insights for senior operational risk management leadership and committees.
Technical & Analytical Expertise – Bring credibility and influence by leveraging your broad technology experience and deep risk expertise in areas such as cloud, network, cybersecurity, DevOps, vulnerability management and IT service management to assess and challenge risks and controls across technology and business lines. Support risk activities across the team, including incident management, deficiency management, risk reviews and risk assessments, operating within a matrix team environment, and driving continuous improvement in risk management methodologies.
Advisory & Continuous Improvement – Maintain a forward‑looking, industry‑informed view of the technology and cyber risk landscape, staying current with best practices, performance benchmarks and emerging trends. Provide expert guidance on the management and mitigation of cyber risks and contribute to the continuous enhancement of operational risk management methodologies and practices.
Collaboration & Relationship Building – Leverage effective communication and people skills to build and sustain trusted internal relationships, positioning yourself as a valued partner who provides sound risk guidance and demonstrates a deep understanding of both the business and technology environments. Collaborate closely with information security, technology, risk and business partners to ensure a consistent and integrated approach to risk management.
Risk Culture – Promote a culture of risk awareness and the importance of robust operational and cyber risk management practices. Ensure operational risk policies, processes and continuous improvement initiatives are effectively communicated.
Who You Are
You bring broad expertise in cyber and technology risk. You have demonstrated experience across IT service management, cybersecurity and associated industry frameworks and regulations. You are adept at managing risk across multiple domains, including technology infrastructure, application delivery, architecture, IT asset management and cybersecurity.
You possess a Bachelor’s degree preferably in technology and/or information security, management, risk or business.
You have 7+ years of relevant technology and information security risk work experience in the financial industry. Large financial institution or large foreign banking organization second line of defense experience is preferred.
You possess technical acumen and a continuous improvement mindset. You have technical experience in areas such as cloud, Agile/DevOps, automation and industry‑recognized certifications (e.g., CISA, CISSP, Microsoft Certified: Cybersecurity Architect Expert) are considered valuable assets.
You have a solid understanding of NIST Cybersecurity Framework, ITIL and related IT topics covered by Federal Financial Institutions Examination Council (FFIEC) handbooks.
You actively contribute to the enhancement of risk management methodologies and are always seeking opportunities to innovate and improve.
You are data‑driven and insightful. You enjoy investigating complex problems, leveraging strong analytical skills to extract insights from data and translate findings into actionable recommendations for risk mitigation and reporting.
You are a collaborative partner and effective communicator. You excel at building strong working relationships and collaborating with diverse stakeholders in a dynamic, fast‑paced environment. You work seamlessly with technology, information security and risk partners to drive integrated and consistent risk management.
Benefits At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $90,000–$130,000 for the market based on experience, qualifications and location of the position. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employees’ needs, including medical, dental, vision, health savings account, life insurance, disability and other insurance plans, paid time off (including sick leave, parental leave and vacation), holidays and 401(k), in addition to other special perks reserved for our team members. This position does not offer visa sponsorship.
What You Need To Know
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com.
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
We may ask you to complete an attribute‑based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.
Expected End Date: 2026‑01‑30
Job Location: IL‑120 S LaSalle St
Employment Type: Regular (Full‑time) – 40 hours per week
Skills: Analytical Thinking, Continuous Improvement Techniques, Control Frameworks, Decision Making, Emerging Risks, Group Problem Solving, Operation Risk Management, Risk Assessments, Risk Monitoring
#J-18808-Ljbffr