Senior Analyst, Cyber Security and IT Risk Management (Global Security)

Job Summary

Job Description

What Is The Opportunity?

RBC’s Global IT Risk (GITR) function enables the protection of RBC's brand, systems, and operations by equipping the business and technology partners with meaningful insights, actionable advice, and information on RBC IT & Cyber risks. Join our dynamic team as a “Senior Analyst - Cyber Security, and IT Risk Management”, where you will play a pivotal role in advancing our organization's technology, risk, security, and operations landscape. You will execute risk-based control testing activities, independently evaluating the design, implementation, and operating effectiveness of these controls to enhance our first line of defense (1LOD). This role is essential in supporting the identification and mitigation of operational, IT, and regulatory risks. Your expertise will be crucial in driving change and overall improvement across the organization’s approach to IT and Cyber risk.

What Will You Do?

• Internal Control Testing: Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.

• Execute Control Testing: Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices.

• Conduct Concurrent Control Testing Engagements: Collaborate internally and externally across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines.

• Control Testing Reporting: Analyze, aggregate, and articulate the results, issues, and recommendations related to control testing activities or other control monitoring activities and regulatory exams.

• Stakeholder Collaboration: Establish and maintain strong working relationships across business units and platforms. Collaborate with various groups to define and achieve deliverables.

• Control Deficiency Management: Coordinate with stakeholders to log, manage, and track control deficiencies. Assess remediation plans to ensure they are designed to effectively reduce risk.

• Subject Matter Expertise: Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards.

• Stay Informed: Maintain a thorough understanding of external technology and cybersecurity trends, emerging technologies, and internal technology and cyber risk management approaches.

What You Need to Succeed?

Must have:

• Educational Background & Certifications: Degree in Computer Science, Engineering, or a related field is required. Either CRISC, CISA, or CISSP is preferred.

• Experience: Minimum of 3 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance.

• Technical Proficiency: A strong understanding of technology and cyber risk management is crucial.

• Project Management & Organizational Skills: Strong organizational, project management, and time management capabilities are essential.

• Communication Skills: Demonstrated excellence in both written and oral communication is a must.

• Analytical Thinking: Strong analytical and rational thinking, supported by solid writing skills are essential.

• Industry Insight: An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role.

Nice-to-have:

• A strong understanding of financial services industry and experience with compliance frameworks such as ISO27001, NIST 800-53, etc.

• Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.

• Strong knowledge of rules, regulations and compliance requirements for the financial services industry.

• Working experience in cybersecurity and/or IT risk management spaces.

• Big Four IT risk consulting and/or audit experience.

What's In It For You?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits.

• Leaders who support your development through coaching and managing opportunities.

• Ability to make a difference and lasting impact.

• Work in a dynamic, collaborative, progressive, and high-performing team.

• A world-class training program in financial services.

• Flexible work/life balance options.

• Opportunities to do challenging work.

#LI-Hybrid

#LI-POST

Job Skills

Confidentiality, Cyber Security Management, Decision Making, Detail-Oriented, Encryption Software, Group Problem Solving, High Impact Communication, Information Security Management, Information Technology Security

Additional Job Details

Address: 335 8 AVE SW:CALGARY

City: CALGARY

Country: Canada

Work hours/week: 37.5

Employment Type: Full time

Platform: TECHNOLOGY AND OPERATIONS

Job Type: Regular

Pay Type: Salaried

Posted Date: 2025-01-24

Application Deadline: 2025-02-08

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we embrace diversity and inclusion for innovation and growth. We are committed to building inclusive teams and an equitable workplace for our employees.

Join our Talent Community

Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.