We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit CIBC.com (https://www.cibc.com/en/about-cibc.html) **What you’ll be doing** As a Senior Information Security Advisor you will be responsible for consulting on potential risks as well as current trends to help our technology and business stakeholders meet security goals and objectives. Utilizing your proactive communication skills & relationship building skills, you will partner with line of business and technology teams and help them proactively identify potential risks and present recommendations that are practical and achievable. You will act as a trusted advisor to the lines of businesses they support within a defined coverage model, adding value as an extended member of each line of business's leadership team. _At CIBC we enable the work environment most optimal for you to thrive in your role you’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote._ **How you’ll succeed** + **Consulting -** Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk to CIBC. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape. Coordinate action plans and/or risk as outlined in the Control & Deficiency Management Policy and Deficiency Management User Guide.Build Security In the Lifecycle of Projects. Recommend Cloud Security Controls in a Serverless environment and recommend best security approach in a DevSecOps environment + **Communication -** Build and present documentation to executive management aimed at communicating potential risks and providing recommendations. Provide feedback to and participate in the design and implementation of security assessment processes across the organization. Research, design, and implement security monitoring practices and operationalize these processes across the group. Understand strategic goals and embed cyber risk management into the culture of the line of business, acting as both a feedback loop across IS, Business and the enterprise.Respond to BU queries in support of the business programs and projects + **Delivery and Execution -** You will help us execute detailed threat risk and information security assessments, deviations, coordination of penetration testing and reporting. Establish priorities specific to information security duties and conduct Threat Models. Help us complete requests from external partners (corporate and institutional clients) and recommend new controls to reduce risks. Contribute to the identification of key controls or design controls as appropriate. Understand CIBC’s Control Framework, Control and Deficiency Management Policy (and US Supplement) and definition of key control **Who you are** + **You can demonstrate experience in** Information Security, Threat-risk assessments, Vulnerability & Penetration testing, and application security development projects along with familiarity with retail bank ecosystem and Cloud Computing technologies. You understand the technical and business roadmap for Cybersecurity controls and partners with Cybersecurity control owners, architects and engineers to develop integration plans and deliverables. **It's an asset if** you have exposure to Agile Development processes, and certifications in CISSP, Offensive Security/CEH, CASE-E-Council or CSSLP + **You're passionate about people.** You find meaning in relationships, and surround yourself with a diverse network of partners. You build trust through respect and authenticity. You partner with subsidiary and affiliates stakeholders to understand current Cybersecurity controls of the subsidiary/affiliate and to develop integration plans. You collaborate with the first line centers of excellence to implement control enhancements and/or new controls as appropriate + **You're digitally savvy.** You seek out innovative solutions and embrace evolving technologies. You can easily adapt to new tools and trends. + **Your influence makes an impact.** You know that relationships and networks are essential to success. You inspire outcomes by making yourself heard. You act as owners of Line of Business-specific information security issues, as required. You own and direct security initiatives within the division or business unit based on research and analysis that drive quarterly strategy plans that will be led by the BISO (start to finish) + **You give meaning to data.** You enjoy investigating complex problems, and making sense of information. You're confident in your ability to communicate detailed information in an impactful way. You develop controls for data validation related to data owned by the Lines of Business Review reports provided by Infrastructure and Support Functions. You successfully linking the business and data security needs of technology solutions that drives our business, smartly + **Values matter to you.** You bring your real self to work and you live our values – trust, teamwork and accountability. **_**Prior to starting in this role, security checks, including a criminal record check must be successfully completed to the satisfaction of CIBC. An annual criminal record check may also be required_** \#LI-TA **What CIBC Offers** At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck. + We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program. + Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients. + We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development. *Subject to plan and program terms and conditions **What you need to know** + CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com + You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit. + We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, French proficiency, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us. **Job Location** Toronto-81 Bay, 19th Floor **Employment Type** Regular **Weekly Hours** 37.5 **Skills** Advisory Services, Cloud Security Assessment, Cloud Security Risk Management, Information Security Assessments, Security Risk Management At CIBC, we are in business to help our clients, employees and shareholders achieve what is important to them. Our ability to create value for all CIBC stakeholders is driven by a business culture based on common values: Trust, Teamwork and Accountability. Working with CIBC makes you a part of a work environment committed to our clients, employees and communities - a place where you can excel. Every day, our 44,000 employees help our clients achieve their financial goals, because what matters to our clients, matters to us.