We are banking at another level. Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs. Choosing BDC as your employer also means: Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1 A hybrid work model that truly balances work and personal life Opportunities for learning, training and development, and much more... *Please note that this role requires bilingualism in English and French. POSITION OVERVIEW We are seeking a dynamic and driven Product Owner (PO) to join our Cybersecurity Governance, Risk & Culture department within the squad Risk & Value Office. In this pivotal role, you will be at the heart of InfoSec, championing technology risk management, strategic planning, performance measurement, and executive-level reporting. As a Product Owner, you will work closely with your squad to maximize the value delivered by the Product, ensuring strong alignment with both BDC’s and InfoSec’s strategic objectives. You will be responsible for prioritizing and supporting the Squad delivering both operational activities and product evolutions. Collaboration is key—you will engage with other InfoSec squads, IT teams, and the organization’s lines of defense to align roadmaps but also support robust risk management and informed strategic decision-making. You’ll be joining the team during an exciting transformation, as IT adopts a shared agile operating model. Squads are empowered to make key decisions within their scope, including defining their ways of working, and determining how best to achieve their goals and developing a mindset of continuous improvement. Key Focus The Product that the PO will support is responsible for delivering the following key InfoSec capabilities: Technology Risk Management: Establish and maintain a robust technology risk framework to identify, assess, and monitor key threats and risk scenarios. Performance Measurement: Develop and manage tools and methodologies to track InfoSec control performance and threat exposure across squads. Reporting: Ensure timely, accurate, and standardized InfoSec reporting to executive stakeholders and governance bodies. Budget Management: Oversee InfoSec financial planning and procurement activities to support strategic and operational priorities. Transformation Support: Drive and coordinate the execution of strategic transformation initiatives impacting InfoSec and enterprise-wide programs Strategic Planning: Support InfoSec leadership with the definition of yearly InfoSec objectives and maintain a capabilities portfolio to guide annual planning and investment decisions. Quarterly Prioritization: Support InfoSec leadership to prioritize InfoSec activities to ensure strategic focus and a risk-based approach during IT quarterly planning for effective cross-functional delivery. In the role, the PO will be responsible for: Define and communicate a clear Product vision and strategy, creating and maintaining a visible Product Roadmap that highlights delivery priorities and key functionalities. Manage the Product backlog and set priorities based on squad capacity, ensuring alignment with InfoSec and BDC objectives. Oversee governance processes, compliance, and security controls assigned to the Product, Coordinating delivery cadence and quarterly squad events. Promote frequent, incremental product improvements that drive organizational value. Track value realization through Objectives and Key Results (OKRs) Delivering, as a Squad member, high-quality outputs focused on Product users. CHALLENGES TO BE MET Capability Evolution: Apply domain knowledge and experience to lead the continuous improvement of Product capabilities, with a focus on effectiveness, efficiency, and user experience. Incremental and value-driven Delivery: Drive the continuous evolution of InfoSec capabilities by delivering measurable value through iterative improvements Stakeholder Engagement: Gain buy-in and foster collaboration across departments with diverse priorities, promoting a culture of accountability around risks and controls. Data-Driven Enablement: Leverage performance measurement frameworks to assess and enhance the maturity and impact of InfoSec controls. Creative & Pragmatic Problem Solving: Combine analytical thinking with practical creativity to tackle challenges and deliver effective solutions. Leadership in Dynamic Environments: Demonstrate leadership and adaptability in a fast-paced, deadline-driven context. WHAT WE ARE LOOKING FOR Education: Bachelor’s degree in computer science, Information Security, Engineering, Business Administration, or a related field. Relevant certifications (e.g., CISSP, CISM) are considered assets. Experience: Minimum 7 years of experience in cybersecurity, risk management, or IT governance, including: Implementing and managing technology risk frameworks, conducting risk assessments, and aligning risk scenarios with business objectives. Contributing to or leading the development of InfoSec strategies, annual planning cycles, and capability roadmaps Experience designing and implementing KPIs, control effectiveness metrics, and dashboards; delivering executive-level reports and insights. Participation in or leadership of enterprise-wide transformation initiatives, especially those involving InfoSec, IT operating models, or agile adoption. Experience managing budgets, tracking financial performance, and supporting procurement processes within a governance framework Framework Expertise: Strong knowledge of risk and control frameworks such as ISO 27001, NIST, SCF, and OSFI guidelines. Agile Delivery: Hands-on experience or strong interest with agile multi-team delivery frameworks (e.g., SAFe), backlog management, quarterly planning, and iterative value delivery. Relevant certifications are considered assets (PSPO or equivalent). Technical Proficiency: Excellent command of Microsoft tools and platforms, especially Excel, PowerPoint, Power BI, SharePoint and Azure DevOps Board Management (or equivalent). Excellent verbal and written communication skills in both official languages (French, English) Proudly one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at accessibility@bdc.ca. While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted. BDC is a bank unlike any other. We are the only bank dedicated exclusively to the development of Canadian businesses. The only institution whose purpose is to promote the growth of the Canadian economy by focusing on the success of small and medium-sized businesses, with a human touch and a genuine presence. At BDC, we’re changing people’s and businesses’ lives for the better. That’s what makes us unique as a bank. That’s why we are banking at another level.
