Director, Governance & Controls - Information Technology & Information Security
CIBC Wood Gundy
We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.
At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.
To learn more about CIBC, please visit CIBC.com
CIBC’s Technology Infrastructure and Innovation (TI&I) business spans Technology, Information Security, Deposit Operations, Loan Operations, Payment Operations, Data Management Office, Corporate Real Estate, Corporate Security, Procurement, Operational Resilience, and Risk & Governance. TI&I drives operational excellence by managing the technology and operations required to run the bank, enabling transformation through innovation, and supporting growth objectives with flawless execution of strategic initiatives.
The Governance and Oversight team within TI&I operates as a First Line team in the Three Lines of Defense model, enabling risk discipline, business resiliency, and value creation while strengthening the CIBC Risk Management Framework.
What You'll Be Doing
As Director, Governance & Controls, you will be a key leader within the US TI&I organization, reporting to the Head of Governance & Oversight. You will be responsible for designing, implementing, and continuously enhancing governance, risk, and control frameworks for our US Technology and Information Security (IT/IS) functions. This role is integral to maintaining a robust risk culture, ensuring regulatory compliance, and driving operational resilience in a complex, fast-paced environment.
Strategic Leadership & Advisory
Serve as a trusted advisor to stakeholders, providing proactive guidance on risk management, control design, and compliance with organizational policies, regulatory requirements, and industry standards.
Lead the development and execution of GRC strategies aligned with CIBC’s risk appetite and US regulatory expectations (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO).
Act as a thought leader, driving control maturity and operational risk alignment across the organization.
Governance, Risk & Controls
Oversee the identification, assessment, escalation, and mitigation of IT/IS risks, ensuring alignment with enterprise risk frameworks. Oversee the implementation of effective controls, ensuring they are integrated into business processes and technology systems. Conduct regular reviews of controls to assess the impact of changes in business processes, new projects, and emerging risks. Maintain oversight of the global control environment impacting IS/IT, ensuring alignment with CIBC’s broader risk management objectives and US regulatory requirements.
Design and implement continuous control monitoring and assurance programs, leveraging data analytics and automation to enhance oversight. Conduct comprehensive risk assessments and ensure integration of effective controls into business and technology processes.
Perform validation and quality assurance reviews of issues, ensuring proper risk management practices and closure in accordance with 2nd Line of Defense (LOD) guidance. Monitor and report on key risk and control metrics to senior leadership, providing actionable insights and recommendations.
Regulatory Compliance & Engagement
Maintain deep knowledge of US and global regulatory requirements, ensuring frameworks and practices remain current and compliant. Support regulatory exams, internal audits, and industry assessments, ensuring timely resolution of findings and implementation of corrective actions.
Continuous Improvement & Innovation
Drive continuous improvement initiatives, leveraging emerging technologies and industry trends to strengthen the control environment. Foster a culture of innovation, risk awareness, and accountability across the team and broader organization.
Stakeholder Engagement & Relationship Management
Build and maintain strong relationships with internal and external stakeholders, including auditors, regulators, and industry associations. Collaborate across the three lines of defense to maintain a robust control framework and foster a culture of sustainable continuous improvement and innovation, ensuring clear roles, responsibilities, and effective partnership. Prepare and present risk and control reports to executive management, regulators, and external stakeholders.
Team Leadership
Lead, mentor, and develop a high-performing, diverse team, fostering an inclusive culture of risk awareness and driving collective success.
How You’ll Succeed
Governance, Risk & Controls (GRC): Proactively identify, assess, and manage risks, ensuring controls are designed and implemented to mitigate those risks effectively. Maintain a forward-looking view of the control environment, staying informed on regulatory changes, emerging risks, and industry best practices.
Advisory & Thought Leadership: Provide expert guidance to IS / IT teams on risk management, control design, and compliance. Act as a thought leader, applying advanced concepts to drive control maturity and alignment with operational risk standards.
Continuous improvement – Inspire a culture of continuous improvement by leveraging leadership behaviors, innovative methods, and enabling technologies. Drive initiatives that enhance the efficiency, effectiveness, and sustainability of the control environment.
Communication – Exhibit strong verbal and written communication skills. Deliver insights and recommendations in a manner that resonates with diverse audiences, including senior leadership, regulators, and external stakeholders. Translate complex data and findings into actionable insights that drive decision-making.
Business Acumen – Demonstrate a strong understanding of control frameworks, regulations, management control environments, audit, corporate policies and standards, business processes, and new industry-level guidance.
Relationship Building – Build trust and credibility with stakeholders by demonstrating expertise, authenticity, and a collaborative approach. Foster an inclusive and collaborative environment that drives collective success.
Collaboration & Partnership – Establish and maintain a strong operating/engagement model with the IS/IT organization, 2LOD, 3LOD, and Enterprise partners as the foundation to a strong collaborative partnership with clearly defined roles and responsibilities.
Who You Are
You are an experienced risk leader with a minimum of 10 years of progressive experience in technology risk management, cybersecurity, or controls implementation within a large, complex financial institution (GSIB experience preferred). You have a proven track record of developing, leading, and executing GRC strategies in a technology-driven environment.
You are a regulatory and industry expert with deep knowledge of US and global regulatory requirements and industry standards (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO). You have experience managing regulatory exams, audits, and industry assessments, and hold relevant certifications such as CISA, CRISC, CISSP, or CISM.
You are a strategic and analytical thinker who sees the big picture, anticipates future trends, and develops long-term plans that align with organizational goals. You excel at analyzing complex situations, identifying opportunities and risks, and making informed decisions that drive sustainable success.
You are a problem solver and innovator who approaches challenges with creativity and resourcefulness. You develop original solutions that address issues effectively and drive continuous improvement, thriving in dynamic environments and leveraging new ideas to deliver impactful results.
You are data-driven and a strong communicator who interprets and analyzes complex data, communicating detailed information in a meaningful way. You leverage data analysis and visualization to provide insights and recommendations to diverse audiences.
You are a champion of change who continuously evolves your thinking and working methods to deliver optimal results. You are flexible and able to pivot easily in response to shifting priorities.
You are a caring and accountable leader who is passionate about developing and coaching others to bring out their best. You have experience leading diverse, high-performing teams and driving collective success through collaboration and inclusion.
You are a collaborative relationship builder who thrives in a team environment, leveraging the power of collaboration to achieve shared goals. You excel at building constructive and collaborative relationships, inspiring outcomes, and fostering trust through respect and authenticity.
You are detail-oriented and notice things that others don't, using critical thinking skills to inform decision-making and ensure the integrity of risk and control processes.
Values matter to you. You bring your real self to work, and you live our values - trust, teamwork, and accountability.
California residents — your privacy rights regarding your actual or prospective employment
At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $175,000-$200,000 for the market based on experience, qualifications, and location of the position. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employees’ needs, including Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans, Paid Time Off (including Sick Leave, Parental Leave and Vacation), Holidays and 401(k), in addition to other special perks reserved for our team members.
What CIBC Offers
At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
We cultivate a culture where you can express your ambition through initiatives like Purpose Day, a paid day off dedicated for you to use to invest in your growth and development.
*Subject to plan and program terms and conditions
What you need to know
CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com
You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.
We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.
Job Location
IL-70 W Madison St, 8th Fl
Employment Type
Regular
Weekly Hours
40
Skills
Accountability, Collaborating, Collaboration, Communication, Continuous Improvement, Decision Making, Innovation, Leadership, People Management, Problem Solving, Regulatory Compliance, Risk Management, Teamwork