Purpose of the Role:    

• Provides pre-audit support, leveraging reports issued from previous audits, MKCTS, management information on key risk indicators (KRIs), identifying deficiencies, engaging and supporting the assigned LoB / SBU in undertaking actions to remediate any adverse positions to facilitate proactive risk management, escalation and oversight by setting clear action / remediation plans within risk tolerance while enhancing the control environment.
• Provides support pre, during and post audit reviews for assigned units, collaborating with auditors / reviewers, providing effective challenge to any issues identified, identifying / understanding of the root cause, dependencies and the actions necessary to guide the assigned units to an adequate risk and controls environment and successfully support and achieve the risk mitigation plan objectives and timelines.
• Identifies & evaluates existing controls impacted by risks identified / to be mitigated, ensuring any actions required provide consideration to either the preventative &/or detective control(s) to address the risk identified to confirm that controls in place / proposed are adequate to mitigate the risk documented to an acceptable level in alignment with policy, procedures, standards and guidelines.
• Develop detailed action plans to remediate deficiencies, ensuring thorough documentation completed, engaging business lines for buy-in and verifying remediation progress while identifying gaps throughout the issue lifecycle and continuously evaluating and monitoring to ensure timely correction of actions to mitigate risks, avoid regulatory penalties and demonstrate adherence to risk and control standards.
• Performs validation exercises to confirm effective risk mitigation and reviews remediation artifacts for submission to Audit, Compliance and / or Operational Risk for adjudication, providing effective challenge on the evidence required to provide an independent assessment as to whether the risk has mitigated and the unit’s efforts are ready to be adjudicated by Internal Audit, Compliance and / or Operational Risk.
• Monitors & evaluates sustainability testing plans, checking that key areas relevant to evidence embedding and sustainability are outlined and reviewed in accordance with the risk appetite and control standards to ensure standard execution of remediation is on track and key risk components are addressed.
• Prepares monthly reports for stakeholders, including executives, management, on deficiency progress, proactively escalating items trending past due or failed status to enhance accountability and ensure managers / owners are aware of the risk mitigation plans status and any deviations from planned objectives so that action can be taken to get it back on track and closed.
• Conducts risk gap analysis and provides guidance on risk mitigation / treatment plans, checking for compliance with relevant policies, standards, regulations, credit risk, operational, AML& ATF standards and guidelines, industry standards e.g. NIST         to provide early identification of gaps and the efforts and resources to reduce the risks and recognize / identify opportunities for change that can help reduce or eliminate risks.

Knowledge / Experience:

• Knowledge of the Bank’s compliance standards and guidelines in addition to the regulatory framework across the Bank’s jurisdictions and CIBC OSFI Regulations.
• Familiarity with risk management frameworks.
• Knowledge of risk identification, assessment and mitigation strategies.
• Understanding of financial services issues, including regulatory requirements.
• Experience in the deficiency remediation processes.
• Analytical ability sufficient to assess risk levels and identify root cause of deficiencies.

Technical:

• Knowledge of and experience in the following areas: information security, cybersecurity, cloud computing, application management, networking, infrastructure management.
• Knowledge of industry frameworks / standards utilized for IT internal controls (COBIT, NIST CSF, ISO, PCI-DSS etc.).
• Good knowledge and experience in performing technology risk and controls assessments.
• Good understanding of IT Governance, Cybersecurity & Information Technology control issues, and related regulatory requirements.
• Knowledge of auditing and/or control testing, familiarity with emerging technologies and Cloud computing technologies, and exposure to agile development processes, is an asset.

Non-Technical:

• Knowledge and experience in credit risk standards, tools and methodologies.
• Knowledge and expertise in AML Regulations and governance.
• Knowledge of the impact and recommendations of (FATF Recommendations, FIU, Banking Secrecy Act).
• COSO Frameworks and best practices.

Required Qualifications:

Technical:

• 2+ years’ post qualification experience in core professional qualifications, e.g. CIA, CISM, CISA, CISSP, CCSP, CRISC or
• 2+ years’ post degree (BSc) experience in a technology related area (computer science, information security, information technology, etc.).
• Information Technology auditor experience would be an asset.

Non-technical:

• Degree in risk management or similar disciplines.
• ACAMs, FIBA certification would be an asset.
• Risk management qualifications e.g. Certificate in Operational Risk Management would be an asset.

JOB SNAPSHOT:
Category:  Governance and Control
Function:  Transformation, Governance & Control
Position reports to:  Senior Manager, Deficiency & Audit Advisory

Expiry Date: 5-8-2025