Join a Challenger
Being a traditional bank just isn’t our thing, so we challenge ourselves to get
creative in providing innovative banking solutions for Canadians.
How do we get there? With a talented team of inquisitive and agile challengers
that break through the status quo. So, if you’re passionate about redefining the
future of banking—while having fun—this could be your next big opportunity.
Our company continues to grow, and today we serve more than 670,000 people
across Canada through Equitable Bank, Canada's Challenger Bank™, and have been
around for more than 50 years. Equitable Bank's wholly-owned subsidiary,
Concentra Bank, supports credit unions across Canada that serve more than six
million members. Together we have over $125 billion in combined assets under
management and administration, with a clear mandate to drive change in Canadian
banking to enrich people's lives. Our customers have named our EQ Bank digital
platform (eqbank.ca [https://www.eqbank.ca/]) one of the top banks in Canada on
the Forbes World's Best Banks list since 2021.
The Purpose of Job
The Cyber Security Risk & Controls Manager is responsible for developing,
implementing, and enhancing the bank’s information security risk management
framework, with a specific focus on control assurance, cyber risk assessments,
with a particular focus on third-party (vendor) risk management.
This role serves as a subject matter expert (SME) for security risk across
business units, technologies, and third-party engagements, helping to protect
the organization against emerging cyber threats while enabling business
resilience and regulatory compliance.
\n
The Core Responsibilities!
- Manage & lead the identification, assessment, and management of cyber and
information security risks across the organization.
- Own and lead the third-party cyber risk assessments, including onboarding
assessments, projects, contract reviews, continuous monitoring, and breach
response coordination.
- Perform security risk assessments of new or existing services, applications,
technologies and vendors. Documents and effectively communicates findings to
key stakeholders.
- Conduct project consulting on assessment of risk, definition of required
controls, appropriateness of implemented control procedures, vulnerability
assessments, and any other relevant areas for existing services and
third-party vendors.
- Partner with Procurement, Legal, and Business Units to embed security
requirements into onboarding and vendor lifecycle processes.
- Support internal and external audits, regulatory exams, and compliance
reviews, ensuring timely evidence collection and response.
- Ensure technology, processes, and governance are in place to monitor, detect,
prevent, and react to both current and emerging technology/security threats
against the bank.
- Maintain a third-party risk scoring model and threat intelligence integration
to proactively identify and mitigate supplier risks.
- Oversee the cyber risk register, KRI metrics ensuring risks are accurately
captured, monitored, and reported to senior management.
Let's Talk About You!
- Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Risk
Management, or related field.
- At least eight (8) years of information security and information risk
experience.
- At least four (5) years of third-party risk management experience (including
hands-on experience conducting third party risk assessments)
- Understanding of Cloud Shared responsibility models and risk mitigation
approach/techniques.
- Experience in performing organization-wide/entity security risk assessments
or audits is required.
- Understanding and experience with security compliance frameworks such as PCI
DSS, BSIMM, Cloud Security Alliance, NIST, ISO 27K series is required.
- Understanding of Canadian Financial industry regulations relevant to
third-party security and privacy expectations E.g. OSFI, OPC
- The following certifications are preferred: CCSP, CCSK, CISM, CISSP, CISA, or
CRISC.
- Experience working in a banking or financial services environment is an
asset.
\n
What we offer [For full-time permanent roles]
?? Competitive discretionary bonus
? Market leading RRSP match program
?? Medical, dental, vision, life, and disability benefits
?? Employee Share Purchase Plan
???? Maternity/Parental top-up while you care for your little one
?? Generous vacation policy and personal days
?? Virtual events to connect with your fellow colleagues
?? Annual professional development allowance and a comprehensive Career
Development program
?? A fulfilling opportunity to join one of the top FinTechs and help create a
new kind of banking experience
Equitable Bank is deeply committed to inclusion. Our organization is stronger
and our employees thrive when we honour and celebrate everyone’s diverse
experiences and perspectives. In tandem with that commitment, we support and
encourage our staff to grow not just in their career path, but personally as
well.
We commit to providing a barrier-free recruitment process and work environment
for all applicants. Please let us know of any accommodations needed so that you
can bring your best self to the application process and beyond. All candidates
considered for hire must successfully pass a criminal background check and
credit check to qualify for hire. While we appreciate your interest in applying,
an Equitable recruiter will only contact leading candidates whose skills and
qualifications closely match the requirements of the position.
We can’t wait to get to know you!