Canadian Imperial Bank of Commerce
Sr. Manager, Information Security - Regulatory & Examination
Canadian Imperial Bank of Commerce, Chicago, Illinois, United States, 60290
* Ensure overall CSO organization regulatory reporting dashboard is delivered
* Monitor relevant laws, regulations and standards to ensure organization’s security practices align with regulatory requirements.
* Create and distribute monthly regulatory development update reporting.
* Assist with creation of materials for Annual Cyber Security Board Review and Quarterly Board Risk Committee Meetings
* Creation of materials for various reporting committees and forums, including weekly reports, business unit reviews and horizontal reviews
* Build strong relationships with internal and external partners, seen by them as a trusted partner
* Complete ad hoc and urgent requests from internal and external partners, and recommend new controls to reduce risks
* Work closely with US TI&I Risk & Controls Team, Regulatory Affairs, Operational Risk Management (ORM) and Internal Audit as required.
* Teamwork and Relationship Building – Foster collaborative relationships with a wide range of stakeholders to identify opportunities to enhance Information Security processes and controls, understand pain-points and priorities, influence direction, solve problems, and ensure successful adoption and operation of policies and standards.
* Will be required to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology.
* Share governance best practices, based on regulatory and audit observations and feedback identified
* Provides ongoing advice and direction on a variety of complex conceptual or interpretative issues
* Perform regulatory controls as assigned control performer
* Implement continuous improvement areas
* Create and maintain procedural documentation

**KNOWLEDGE AND SKILLS**

* 10 years in Information Security, IT Risk Management, regulatory compliance or audit functions, within a US or Canadian bank (preferably at least 5 years in a leadership role)
* Deep knowledge of key information security domains including network security, IAM, data protection, vulnerability management, application security, etc.
* Awareness of emerging technologies and risks
* Proven track record of managing banking regulatory examinations (e.g. FRB) and state specific oversight (e.g. NYDFS)
* Demonstrated experience with FFIEC IT/Cyber Exam Handbook and GLBA Safeguards rule compliance.
* Strong understanding of control frameworks (e.g. NIST CSF)
* Ability to identify regulatory themes, assess control effectiveness and spot emerging gaps
* Hands on experience preparing and delivering materials for regulatory agencies and internal/external auditors.
* Skilled in exam logistics
* Ability to determine and draft formal regulatory responses to information security issues which are clear, defensible and aligned with the overall risk posture
* Experienced influencing and presenting to sr. leadership, boards and regulators
* Exceptional written and verbal communication skills, with the ability to translate technical requirements into clear actionable language for regulators and executives.
* Strong interpersonal skills to influence without direct authority
* Experience with GRC platforms (e.g. MetricStream, OneTrust, Archer)
* Certified professional with current Industry recognized certifications such as CISSP, CISM, CISA
* You see the big picture and operate strategically
* You act like an owner. You are action oriented, thriving when you're empowered to take initiative, go above and beyond, and deliver results.
* You have a passion for excellence, holding yourself and others accountable.
* You know that details matter. You notice and question things that others don’t. Your critical thinking skills help to inform your decision-making.
* You are a strong communicator, verbally and in writing, with the ability to flex to needs of executives and team members within and outside of US Information Security.
* You’re goal-oriented. You’re motivated by accomplishing individual and team based goals and consistently delivering your best to make a difference.
* You are a curious learner, staying current on industry trends.
* You challenge the status quo and have a passion for continuous improvement.
* We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program\*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
* Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
* We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

At CIBC, we are in business to help our clients, employees and shareholders achieve what is important to them. Our ability to create value for all CIBC stakeholders is driven by a business culture based on common values: Trust, Teamwork and Accountability.
Working with CIBC makes you a part of a work environment committed to our clients, employees and communities - a place where you can excel.
Every day, our 44,000 employees help our clients achieve their financial goals, because what matters to our clients, matters to us.