What is the opportunity?

As part of the Group Risk Management (GRM) Enterprise Resilience Risk team, the Director, Cyber & Technology Risk will be responsible for providing Cyber and IT Risk Management subject matter expertise in the form of oversight and challenge to the first line of defense operating teams in the areas of AI, technology architecture, cloud and emerging technologies globally.

This includes providing an opinion on RBC’s Technology risk posture, developing Key Risk Indicators to measure and monitor Cyber & Technology Risk and contributing to the development of enterprise policies and standards governing Technology Operations and Infrastructure Risk.

As Second Line of Defense, the incumbent will be leading a team working closely with the cyber and technology teams in providing an independent opinion on Cloud, AI and Emerging Technology Risks leveraging both quantitative (risk indicators) and qualitative methods.

You will be responsible in keeping abreast of new and emerging technologies, AI, Gen AI and develop a strong understanding of associated risks that will assist the bank in further strengthening the control environment.

You will support Cyber and Technology Risk Management leadership in delivering various oversight and challenge processes, developing, and utilizing effective risk appetite metrics; keeping abreast of emerging technologies and associated risks and perform thematic reviews to identify potential risk areas and remediation recommendations.

What will you do?

• Champion managing risk rather than risk avoidance, by seeking solutions
• Maintain knowledge of emerging technologies, threats/vulnerabilities and risk management practices and its implications to the business platform
• Leverage data driven insight and provide opinions and challenge on key risk indicators
• Support the completion of thematic reviews, scenario analysis, external event analysis, new change initiative assessments and development of risk profiles that can be leveraged to report to senior management, board, and regulators
• Work closely with first line to provide effective cyber and technology oversight and challenge on Risk and Control Self-Assessments, Operational Risk Event Reviews, IT Risk Assessments, Integrated Risk Profiles to validate the business is operating within Risk Appetite
• Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the IT/Cyber Risk profile
• Oversee and provide effective challenge on AI and generative AI IT/Cyber risks within 2nd line of defense. The effective challenge will include in depth risk review of the solutions and approaches being deployed
• Keep abreast emerging threats and intelligence across the Operational Risk team
• Develop and maintain key internal and external relationships in order to provide advice and oversight on standard compliance, support operational risk program adherence and effective incident reporting
• Develop strong relationships within GRM and Operational Risk in support of common objectives and goals
• Support IT/Cyber related regulatory examinations / requests / assessments / reporting
• Recommend changes to IT/Cyber policies and standards to maintain currency in ensuring relevance to Cloud, AI, emerging technologies
• Proactively manage complex and sometimes competing relationships with key local, regional, and global stakeholders on a regular basis

What do you need to succeed?

Must-have

• 7-10 years of risk management experience in cyber and technology security
• 7-10 years work experience in a mid-large size organization
• 3-5 years as Cloud Security professional
• 3-5 years of hands-on Application development
• Bachelors degree in Information Security / Information Technology/Computer Science
• Strong knowledge of Cloud platforms and offerings, Cloud Risks, Cloud application deployments
• Strong understanding of AI, generative AI, and machine learning concepts
• Strong knowledge of AI technologies, ML/AI model developments and ML/AI risk management best practices, relevant global laws, regulations, and ethical and risk management standards
• Strong understanding of IT security frameworks, regulations, and industry best practices
• Strong knowledge of enterprise technology/security architecture
• Experience in managing a team.

Nice-to-have

• Experience within Operational Risk
• Experience in developing metrics (KRIs or KPIs) is preferred
• Experience working with cross-functional teams in agile environments

Certifications: CCSP, CCSK, AWS Security, Azure Security, CISM, CRISC

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation
• Leaders who support your development through coaching and managing opportunities
• Work in a dynamic, collaborative, progressive, and high-performing team
• Opportunities to do challenging work
• Flexible work/life balance options

Job Skills

Critical Thinking, Cyber Security Management, Decision Making, Detail-Oriented, Information Security Management, Information Technology Security, Interpersonal Relationship Management, IT Security Architecture, Performance Management (PM)

Additional Job Details

20 KING ST W:TORONTOTORONTOCanada37.5Full timeGROUP RISK MANAGEMENTRegularSalaried2025-05-232025-06-07

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.