​WHAT IS THE OPPORTUNITY?

RBC’s Global IT Risk (GITR) function enables the protection of RBC's brand, systems, and operations by equipping the business and technology partners with meaningful insights, actionable advice, and information on RBC IT & Cyber risks. Join our dynamic team as a “Senior Analyst - Cyber Security, and IT Risk Management”, where you will play a pivotal role in advancing our organization's technology, risk, security, and operations landscape. You will execute risk-based control testing activities, independently evaluating the design, implementation, and operating effectiveness of these controls to enhance our first line of defense (1LOD). This role is essential in supporting the identification and mitigation of operational, IT, and regulatory risks. As a result of work performed as part of this role, you will greatly contribute towards the implementation of enterprise-wide initiatives aimed at improving technology operations risk management practices. Your expertise will be crucial in driving change and overall improvement across the organization’s approach to IT and Cyber risk. This is an advanced senior position, offering opportunities to work across the organization, functions, and make a significant impact.

WHAT WILL YOU DO?

• Internal Control Testing: Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.

• Execute Control Testing: Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices. Responsible for executing Control Assessments (i.e., Testing) of Technology and Operation’s [T&O’s] first line Key Controls across various domains (including Cyber security, Cloud Operations, Service and Capacity management, Network Operations). May act as designated lead tester/reviewer of control testing engagements.

• Conduct Concurrent Control Testing Engagements: Collaborate internally and externally across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines. Identify potential issues, conflicts, and risks, and escalating as necessary.

• Control Testing Reporting: Analyze, aggregate, and articulate the results, issues, and recommendations related to control testing activities or other control monitoring activities and regulatory exams.

• Stakeholder Collaboration: Establish and maintain strong working relationships across business units and platforms. Collaborate with various groups to define and achieve deliverables, acting as a trusted advisor on control documentation and testing. Collaborate and liaise with 2LOD and 3LOD (Internal Audit) when required.

• Control Deficiency Management: Coordinate with stakeholders to log, manage, and track control deficiencies. Assess remediation plans to ensure they are designed to effectively reduce risk and verify that corrective actions are implemented according to plan.

• Subject Matter Expertise: Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards.

• Stay Informed: Maintain a thorough understanding of external technology and cybersecurity trends, emerging technologies, and internal technology and cyber risk management approaches. Collaborate with other teams on IT risk-related initiatives to provide guidance and ensure the organization's risk posture aligns with its overall risk appetite. Maintain thorough understanding of organization's governing policies and standards, IT control testing methodologies, and related regulatory and compliance standards.

What You Need to Succeed?

Must have:

• Educational Background & Certifications: Degree in Computer Science, Engineering, or a related field is required. Either CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Security Auditor), or CISSP (Certified Information Systems Security Professional) is preferred.

• Experience: Minimum of 3 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance. Ideally, within the financial services industry, a public accounting firm, or a financial institutions regulator.

• Technical Proficiency: A strong understanding of technology and cyber risk management is crucial. Experience with IT risk management practices is highly valued.

• Project Management & Organizational Skills: Strong organizational, project management, and time management capabilities are essential. You must be deadline-driven and results-oriented, able to consistently meet high-quality standards while managing multiple tasks and deadlines.

• Communication Skills: Demonstrated excellence in both written and oral communication is a must. You should be proficient in effectively and timely communicating with stakeholders, understanding their information and communication needs, and presenting information clearly and persuasively.

• Analytical Thinking: Strong analytical and rational thinking, supported by solid writing skills are essential for documenting and communicating test work effectively. You should be able to grasp stakeholder expectations and align your communication accordingly.

• Industry Insight: An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role.

Nice-to-have:

• A strong understanding of financial services industry and experience with Compliance and Industry framework such as ISO27001, NIST 800-53, NIST CSF, NIST 800-171, COBiT etc.

• Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.

• Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.

• Working experience in cybersecurity and/or IT risk management spaces.

• Big Four (4) IT risk consulting and/or audit experience.

RBC is committed to supporting flexible work arrangements when and where available. Details to be discussed with Hiring Manager.

WHAT'S IN IT FOR YOU?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.

• Leaders who support your development through coaching and managing opportunities

• Ability to make a difference and lasting impact.

• Work in a dynamic, collaborative, progressive, and high-performing team

• A world-class training program in financial services

• Flexible work/life balance options.

• Opportunities to do challenging work.

#LI-Hybrid

#LI-POST

#TECHPJ

Job Skills

Critical Thinking, Cyber Security Management, Decision Making, Detail-Oriented, Information Security Management, Information Technology Security, Interpersonal Relationship Management, IT Security Architecture, Performance Management (PM)

Additional Job Details

330 FRONT ST W:TORONTOTORONTOCanada37.5Full timeTECHNOLOGY AND OPERATIONSRegularSalaried2024-09-032024-09-18