CIBC is a leading North American financial institution with 10 million personal banking, business, public sector and institutional clients. CIBC offers a full range of advice, solutions and services in the United States, across Canada and around the world. In the U.S., CIBC Bank USA provides commercial banking, private and personal banking and small business banking solutions and CIBC Private Wealth Management offers investment management, wealth strategies and legacy planning.
CIBC works to help you make your ambitions a reality with a team that is committed to being always professional, genuinely caring and collaborates to find simple solutions as we build our relationship-focused bank for the modern world.
Every year, CIBC is recognized for its business success, community commitment and employee initiatives. We are proud of this success and are committed to creating an inclusive workplace and an environment where all of our team members can excel. Responsibilities The Chief Information Security Officer (CISO) for the US Region is responsible for establishing and maintaining a Region-wide information security management program to ensure that information assets and employees are adequately protected. This position is responsible for ensuring that information security risks are identified, evaluated, mitigated and reported in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the US Region.
The position requires a visionary leader with proven business management skills and a broad understanding of information security technologies and threats. The CISO will lead a team of three Managing Directors with approx. 20 practitioners proactively working with business and technology partners to implement a strategy and practices that meet defined policies and standards for information security. He or she will also oversee a variety of security related risk management activities.
A key element of the role is working with executive management to determine acceptable levels of risk for the organization. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode. The CISO must be able to effectively collaborate with the foreign based parent organization on a broad range of issues including leveraging enterprise capabilities to support the US Region Information Security Strategy and Program. This would also include active support of the parent organizations governance of the US Regions’ Information Security Program and day to day operations.
The CISO will be directly responsible for the management of three operational functions: Information Security Identity & Access Management Vendor Risk Management CROSS-FUNCTIONAL RELATIONSHIPS
Peers within the US Region and parent bank organizations Will be required to foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology Regular interaction with the US Region Executive Committee and Board of Directors Chairs the US Security Programs Committee representing Information Security across US Region management Member of a range of committee’s including the Risk Management Committee and the US Region Operating Committee, Management Risk Committee
COMPLIANCE REQUIREMENTS/RESPONSIBILITIES As an employee of CIBC, the CISO must comply with all applicable CIBC and Line of Business policies, standards, guidelines and controls JOB DIMENSIONS
Providing clear, consistent leadership, advice and representation on all aspects of Information Security Demonstrating effective management, communication, and negotiation skills to drive complex initiatives towards completion including those with a cross boarder dimension Fostering collaborative and supportive relationships that promote effective Information Security risk management and key information security initiatives Interfacing and negotiating effectively with a wide range of audiences, including senior management Collaborating with a range of functions including Compliance, Regulatory Affairs and the parent organization to monitor developments in the areas of legal, regulatory, corporate requirements, technological developments, and best practices in the security governance and compliance field Leading the enhancement of a comprehensive monitoring and reporting regime for Information Security in the US Region to identify, manage, track and communicate information security risk Qualifications Advanced knowledge of applicable US and Canadian laws and regulations as they relate to Information Security and the effective management of Information Security Risks 10+ years of managerial experience in information security including successfully managing mergers, acquisitions and related activities Enterprise level experience including managing and successfully delivering cross functional initiatives CISO designation and associated certifications e.g. CISSP, CISM, CISA, at a prior financial institution of similar scope and scale A university degree in Information or Technology Management or Risk Management or equivalent work experience. Demonstrable experience in implementing strategic plans and managing an information security program. Extensive experience in the design and testing of formal Key Controls in support of compliance to a range of regulatory and legislative requirements including Sarbanes-Oxley, NY DFS 500 etc Advanced understanding an experience in managing business processes and budgeting Advanced understanding of human resource management principles and practices
Skills Required: Exceptional and proven leadership capabilities – communication, influence & negotiation, conflict resolution, people management, relationship management (internal/external), and team building Proven ability to successfully partner with internal clients and vendors to align strategy with deliverables, identify business challenges and develop alternatives to mitigate Enjoys working in a team-oriented, collaborative environment Strong service management and service delivery orientation Excellent written, oral, and interpersonal communication skills Ability to present ideas in at appropriate levels for different audiences Proven ability to work within a changing environment and lead the implementation of change Ability to apply change management principles to initiatives of variable sizes and degrees of complexities Ability to assess the impact or potential impact of change management initiatives of various sizes and degrees of complexities on business financials and performance Advanced level of creativity, strategic thinking and problem management skills Ability to conduct and direct research into information security issues Self-motivated, self-directed, attentive to detail, and able to multi-task Ability to effectively prioritize and execute tasks in a high-pressure environment