Senior IT Risk Analyst (Global Security)
Job Summary
The Senior IT Risk Analyst will perform risk-based testing activities that independently evaluate the design and effectiveness of IT controls and further assist with the enhancement and execution of the IT Control Testing and Monitoring. This role will primarily support the identification and mitigation of IT and regulatory risks and operational issues and will also assist in the maintenance of operational and IT control procedures.This is an advanced senior professional with wide- ranging experience who uses professional concepts to resolve complex issues, serves as an expert in their own discipline or area of specialization. This dynamic position provides opportunities for working across the organization.
Job Description
What will you do?- Internal Control Testing: Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.
- Execute Control Testing: Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices. Responsible for executing Control Assessments (i.e., Testing) of Technology and Operation’s Key Controls across various domains. May act as designated lead tester/reviewer of control testing engagements
- Conduct Concurrent Control Testing Engagements: Collaborate internally and externally across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines. Identify potential issues, conflicts, and risks, and escalating as necessary
- Subject Matter Expertise: Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards
- Control Deficiency Management: Coordinate with stakeholders to log, manage, and track control deficiencies. Assess remediation plans to ensure they are designed to effectively reduce risk and verify that corrective actions are implemented according to plan
- Stakeholder Collaboration: Establish and maintain strong working relationships across business units and platforms. Collaborate with various groups to define and achieve deliverables, acting as a trusted advisor on control documentation and testing. Collaborate and liaise with 2LOD and 3LOD (Internal Audit) when required
What You Need to Succeed? Must have:
- Educational Background & Certifications: Degree in Computer Science, Engineering, or a related field is required. Either CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Security Auditor), or CISSP (Certified Information Systems Security Professional) is preferred.
- Experience: Minimum of 5 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance. Ideally, within the financial services industry, a public accounting firm, or a financial institutions regulator.
- Project Management & Organizational Skills: Strong organizational, project management, and time management capabilities are essential. You must be deadline-driven and results-oriented, able to consistently meet high-quality standards while managing multiple tasks and deadlines.
- Communication Skills: Demonstrated excellence in both written and oral communication is a must. You should be proficient in effectively and timely communicating with stakeholders, understanding their information and communication needs, and presenting information clearly and persuasively.
- Analytical Thinking: Strong analytical and rational thinking, supported by solid writing skills are essential for documenting and communicating test work effectively. You should be able to grasp stakeholder expectations and align your communication accordingly.
- Industry Insight: An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role
Nice-to-have:
- A strong understanding of financial services industry and experience with Compliance and Industry framework such as ISO27001, NIST 800-53, NIST CSF, NIST 800-171, COBiT etc.
- Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.
- Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.
- Working experience in cybersecurity and/or IT risk management spaces.
- Big Four (4) IT risk consulting and/or audit experience
What’s in it for you?
We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
- A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
- Leaders who support your development through coaching and managing opportunities
- Ability to make a difference and lasting impact
- Work in a dynamic, collaborative, progressive, and high-performing team
- A world-class training program in financial services
- Flexible work/life balance options
- Opportunities to do challenging work
#LI-Hybrid
#LI-POST
#TECHPJ
Job Skills
Business Continuity and Disaster Recovery (BCDR), Cyber Security Management, Firewall Management, Information Technology (IT) Risk, IT Network Security, IT Standards, Problem Management, Process Management, Risk Assessments, Technical Writing, Threat Management
Additional Job Details
Address:
335 8 AVE SW:CALGARY
City:
CALGARY
Country:
Canada
Work hours/week:
- 5
Employment Type:
Full time
Platform:
TECHNOLOGY AND OPERATIONS
Job Type:
Regular
Pay Type:
Salaried
Posted Date:
2025-01-24
Application Deadline:
2025-05-30
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above
Inclusion and Equal Opportunity Employment
At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities.RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.
Join our Talent Community
Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.
Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.