RBC’s Global IT Risk (GITR) function enables the protection of RBC's brand, systems, and operations by equipping the business and technology partners with meaningful insights, actionable advice, and information on RBC IT & Cyber risks. Join our dynamic team as a “Senior Analyst - Cyber Security, and IT Risk Management”, where you will play a pivotal role in advancing our organization's technology, risk, security, and operations landscape. You will execute risk-based control testing activities, independently evaluating the design, implementation, and operating effectiveness of these controls to enhance our first line of defense (1LOD). This role is essential in supporting the identification and mitigation of operational, IT, and regulatory risks. Your expertise will be crucial in driving change and overall improvement across the organization’s approach to IT and Cyber risk.
What Will You Do?
Internal Control Testing: Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.
Execute Control Testing: Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices.
Conduct Concurrent Control Testing Engagements: Collaborate across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines.
Control Testing Reporting: Analyze, aggregate, and articulate the results, issues, and recommendations related to control testing activities.
Stakeholder Collaboration: Establish and maintain strong working relationships across business units and platforms.
Control Deficiency Management: Coordinate with stakeholders to log, manage, and track control deficiencies.
Subject Matter Expertise: Advise stakeholders on control documentation and testing, ensuring compliance with organizational policies and regulatory requirements.
Stay Informed: Maintain a thorough understanding of external technology and cybersecurity trends and internal technology and cyber risk management approaches.
What You Need to Succeed?
Must have:
Educational Background & Certifications: Degree in Computer Science, Engineering, or a related field is required. Either CRISC, CISA, or CISSP is preferred.
Experience: Minimum of 3 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing.
Technical Proficiency: A strong understanding of technology and cyber risk management is crucial.
Project Management & Organizational Skills: Strong organizational, project management, and time management capabilities are essential.
Communication Skills: Demonstrated excellence in both written and oral communication is a must.
Analytical Thinking: Strong analytical and rational thinking skills are essential for documenting and communicating test work effectively.
Industry Insight: An understanding of the financial services industry or technology sector is important.
Nice-to-have:
A strong understanding of the financial services industry and experience with compliance and industry frameworks such as ISO27001, NIST 800-53, etc.
Knowledge of OSFI, FINRA, and SEC regulations.
Working experience in cybersecurity and/or IT risk management spaces.
What's In It For You?
A comprehensive Total Rewards Program including bonuses and flexible benefits.
Leaders who support your development through coaching and managing opportunities.
Ability to make a difference and lasting impact.
Flexible work/life balance options.