What you’ll do

　　Reporting to the AVP, Enterprise Risk Management, the Director, Cyber & Technology Risk is a cyber and technology subject matter expert and seasoned professional focused on identifying, mitigating, and reporting cyber, technology, and information risks at Canadian Tire Bank. As part of the second line of defence, this role will oversee and challenge all information security activities across the Bank.

　　The Director should possess superior communication and judgement skills to facilitate accurate cyber and technology risk assessments and mitigation options while developing relationships and working collaboratively with many stakeholders including the various business units, cyber security, technology teams, and internal audit. The Director will also instill a risk and control discipline and risk-aware culture through education, consultation, and the development of risk management capabilities across key teams.

　　Provide technical leadership and guidance, security consulting and risk oversight to first line operational and project teams across the Bank.

　　Educate and instill a risk aware cyber security culture across the organization.

　　Develops and facilitates the implementation of cyber and technology risk management processes and capabilities to protect the organization’s critical information assets and systems.

　　Facilitates the cyber and technology risk assessment process across numerous stakeholders, ensuring risks are adequately assessed, risk reduction and mitigation strategies are employed, and risk governance and approval procedures are followed.

　　Detects and mitigates cyber and technology risks that are significant and critical-level impacts to the organization, thereby preventing potential cyber attack scenarios and significant losses from occurring. Facilitates and provides guidance for cyber and technology related scenario analysis exercises.

　　Reviews and advises on the cyber and technology security design and associated risks and mitigation approaches for third parties and all new initiatives. Monitors and challenges the first line of defence activities related to the risk assessments for third party service providers.

　　Provides a layer of independent challenge of cyber risk through targeted independent assessments of current cyber security and technology practices, initiatives, and strategies.

　　Oversees and enhances the measurement framework for cyber key risk metrics, and defines tolerance limits based on risk appetite, business needs, industry standards, and regulatory expectations.

　　Uses subject matter expertise and a comprehensive understanding of internal and industry standards to assess risks and to provide insights and guidance to the CRO and other senior leaders on the Bank’s cyber and technology risk profile.

　　Reviews and provides guidance on changes to policies and supporting standards and guidelines.

　　Collaborates and develops strong relationships with the CTC Cyber Security and CTB IT Risk Governance & Security teams.

　　Partners with technology and business stakeholders to assess the effectiveness of current business continuity planning and disaster recovery providing recommendations and influencing as required.

　　Stay abreast and opines on emerging security threats, technology advancements, risk management trends, industry trends and possible implications for the Bank.

　　What you bring

　　Advanced knowledge in IT, cyber risk management, business resiliency, network management/architecture, vendor risk management, vulnerability management, information security, and data protection/management (other related domains considered an asset).

　　10+ years progressive management experience in cyber and/or technology security risk management experience ideally at another Canadian financial institution.

　　Relevant work experience in Information Technology and in cyber security frameworks such as those published by guiding organizations (NIST, SANS, ISO). Ability to translate framework to practical advice, assessment, and analysis.

　　Knowledge of governance, risk, and compliance frameworks such as ITIL, NIST, COSO, COBIT, etc.

　　Strong ethical principles and understanding of business and information security ethics.

　　Strong knowledge of common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA).

　　At least one of these certifications would be desirable: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP

　　Solid knowledge of network technologies, hardware platforms and operating systems.

　　Solid understanding of security requirements through an entire technology stack.

　　Good knowledge of applicable data privacy practices.

　　Effective at breaking down complex problems to a level that work groups can own, translating technology information as appropriate to drive effective decision making.

　　Influences through seasoned communication and negotiation skills, strong collaboration, and relationship-building skills.

　　Provides technical consultation at all levels across the organization as a sought-out expert in multiple technical domains.

　　Ability to inspire, remove roadblocks, and coach technical stakeholders.

　　Hybrid

　　We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.

　　About Us

　　At Canadian Tire Services Limited/Canadian Tire Bank, it is our mandate to continue to create innovative and rewarding financial solutions for our customers. Our growing suite of products and services showcase the dynamic contributions from our employees and our success is driven by a strong vision, loyal customers, and our ability to build teams that reflect the diverse customers and communities in which we live and work. Join us, where there's a place for you here.

　　Our Commitment to Diversity, Inclusion and Belonging

　　We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better. .

　　Accommodations

　　We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.

　　We are one of Canada’s most admired and trusted companies. With world-class owned brands and exciting market-leading merchandising strategies, we are continually innovating with purpose: to excite and serve Canadian customers from coast-to-coast. We are connected to communities, big and small, from coast-to-coast, offering products and services that reflect the diverse nature of every one of them. From sports to outdoors, automobiles to homes, we know and understand life in Canada like no other retailer can.

　　We are always on the lookout for curious, creative people who are able to navigate and excel in a rapidly evolving retail environment. If you’re ready to take on new challenges – be it in digital, IT, marketing, data & analytics, merchandising, or one of the many other roles we have – there is a place for you here, so apply today.