CIBC US · 3 days ago
Director, Information Security - Regulatory & Controls
CIBC US is building a relationship-oriented bank for the modern world and is seeking a Director of Information Security - Regulatory & Controls. The role involves ensuring compliance with regulations, overseeing information security controls, and serving as the primary contact for regulatory audits.
Banking, Financial Services
Responsibilities
Monitor relevant laws, regulations and standards to ensure organization’s security practices align with regulatory requirements
Own regulatory compliance programs such as NY-DFS, GLBA and FFIEC assessments
Serve as primary point of contact for regulatory bodies during audits
Creation of materials for and participation in regulatory exams and quarterly briefings to regulators as required
Develop responses and drive resolution of Issues, Deficiencies, Matters Requiring Attention (MRAs), and Supervisory Recommendations (SRs) assigned to US Region Information Security
Work closely with US TI&I Risk & Controls Team, Regulatory Affairs, Operational Risk Management (ORM) and Internal Audit as required
Assist with creation of materials for Annual Cyber Security Board Review and Quarterly Board Risk Committee Meetings
Creation of materials for various reporting committees and forums, including weekly status
Creation of materials for various reporting committees and forums, including weekly reports, business unit reviews and horizontal review
Conduct Risk and Control Self-Assessment (RCSA) for Information Security and provide input into RCSA for all other lines of business
Mapping of controls to industry frameworks (e.g. NIST, PCI, MITRE)
Work closely with controls testing teams
Drive remediation of ineffective controls owned by the US and provide oversight of control effectiveness for enterprise controls impacting the US
Act as secretary for the Cyber Security Controls Oversight Council
Recruiting and hiring of Information Security professionals to support target operating model changes
Provide ongoing advice and direction on a variety of complex conceptual or interpretative issues
Establishing and leveraging peer relationships within the US Region and Parent bank organizations
Will be required to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology
Qualification
Required
Experience at a financial institution of similar scope and scale with direct experience working with regulators and regulatory compliance programs
Advanced knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks
Experience developing and implementing strategic team goals
Experience coaching employees and inspiring successful team performance
Strong critical thinking skills to inform decision-making
Ability to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology
Preferred
Caring and accountable leadership style
Attention to detail
Benefits
Medical
Dental
Vision
Health Savings Account
Life Insurance
Disability
Other Insurance Plans
Paid Time Off (including Sick Leave, Parental Leave and Vacation)
Holidays
401(k)
Banking benefits
A benefits program
A vacation offering
Wellbeing support
MomentMakers, our social, points-based recognition program
Purpose Day: a paid day off dedicated for you to invest in your growth and development
Company
CIBC US
CIBC US provides tailored commercial and personal banking services, private banking, wealth management and small business financial solutions.
Funding
Current Stage
Late Stage
Recent News
2025-07-25