Job Summary

Job Description

Job Title: Associate Director, Cyber and IT Risk Framework Policy and StandardsWhat is the opportunity?

The Associate Director, Cyber and Technology Risk Framework and Standards will be responsible for supporting the development of Cybersecurity and Information Technology policies and standards by providing challenge and oversight on their design and implementation within a well-defined and communicated framework to mitigate risk to RBC.

As a member of the IT Policy and Standards Office (ITPSO) your responsibilities will include maintaining the framework; managing a comprehensive cyber & technology governance roadmap and the supporting pipeline and schedule; providing subject matter experts with appropriate guidance to ensure that policies and standards are developed and documented in a manner that follows RBC requirements and that supports other policies and standards as required; and ensuring that changes are effectively communicated by responsible parties to allow implementation and compliance.

What will you do?Provide primary and comprehensive advisory on RBC's security framework, policies, standards and guidelines to a complex level, and ensure their effective development.Contribute to the development of IT Risk governance frameworks, policies, and standards by leveraging existing frameworks and approaches.Manage and maintain the Cyber & Technology Governance Roadmap and supporting pipeline and schedule of policy and standards development, updates, and refreshes, that ensures policies and standards are reviewed and updated in a timely manner.Maintain the repository of assigned Frameworks, policies, standards, guidelines, glossaries, and regional addendums.Work with the regional representatives to coordinate the scanning for regulatory changes, maintain theRegulatory Intelligence repository and facilitate the completion of gap analysis against our policies and standards.Maintain a supportable opinion on RBC's risk and effectiveness of our policies and standards using analytics, review of IT Issues, Control effectiveness reviews, Key Risk Indicators and assessments as required.Support the handling of questions pertaining to cyber and technology policies and standards from regulators,and 3rd partiesMaintain assigned Cyber and IT Risk Governance Domain profiles to provide a strong fact-based opinion on the associated IT Risk.Deliver presentations and updates to key business/T&O stakeholders.Provide timely insight to business and technology partners on risk and controls, to ensure effective responses and no surprises.Request from compliance under reliance compliance model (RCM) – Horizon scanning, Quarterly trigger event assessment and annual regulatory risk assessment for IT/Cyber risk.

What do you need to succeed?Must-have:University degree, or equivalent3 years in the financial services or other regulated industries2 years’ experience in development of IT Risk Frameworks, Policies and Standards

Nice to have:Experience in working within a large financial service company.Experience with industry framework “NIST, COBIT, OSFI, ISO” and global regulatory requirements “OSFI, FFIEC, NYDFS, DORA”.Certifications: CISA, CISSP, CISM etc.

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensationLeaders who support your development through coaching and managing opportunities Work in a dynamic, collaborative, progressive, and high-performing teamOpportunities to do challenging workFlexible work/life balance options

Job Skills

Global Risk Management, Information Technology (IT) Risk

Additional Job Details

Address:

20 KING ST W:TORONTO

City:

TORONTO

Country:

Canada

Work hours/week:

37.5

Employment Type:

Full time

Platform:

GROUP RISK MANAGEMENT

Job Type:

Regular

Pay Type:

Salaried

Posted Date:

2025-03-05

Application Deadline:

2025-03-19

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we embrace diversity and inclusion for innovation and growth. We are committed to building inclusive teams and an equitable workplace for our employees to bring their true selves to work. We are taking actions to tackle issues of inequity and systemic bias to support our diverse talent, clients and communities.
​​​​​​​
We also strive to provide an accessible candidate experience for our prospective employees with different abilities. Please let us know if you need any accommodations during the recruitment process.

Join our Talent Community

Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.

Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.