Senior Supervisor, Cyber Risk Supervision

Bank of Canada • Ottawa, Ontario, Canada • C$ 95k - C$ 107.29k / year • 1w ago

Senior Supervisor, Cyber Risk Supervision

Take a central role
The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.

Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.

With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers: Working Here - Bank of Canada

Find out more about the next steps in our Recruitment process.

Application Process
Your application must include the following:

curriculum vitae
cover letter outlining why you are applying for this position and how your skills and qualifications meet the requirements for the role.

About the Supervision Department
The payments landscape in Canada and globally is changing rapidly. The rapid pace of technological change in Canada and around the world is introducing new and better ways for consumers and businesses to make payments.

The Bank of Canada is implementing a new Retail Payments Supervision (RPS) mandate under the Retail Payment Activities Act. Under this mandate, the Bank will supervise retail payment service providers’ (PSPs) compliance with operational risk management (including cyber and information security) and funds safeguarding requirements and maintain a public registry of regulated PSPs.

The Bank will assess whether PSPs are adequately managing their risks and help identify areas where their risk-management practices should be improved. To fulfill its mandate, the Bank will have a combination of tools to promote compliance including allowing the Bank to enforce regulatory requirements when necessary.

What you will do
As a Senior Supervisor in the Risk Supervision team, your role is crucial in ensuring the Bank meets its regulatory obligations regarding payment service providers (PSPs).

You will apply your knowledge of cyber and information security risk management practices to help implement the Bank’s framework for PSP supervision, and assess the compliance of PSPs with their regulatory obligations.

Your responsibilities will include:

Assessing PSPs' cyber and information security risks and vulnerabilities, and adequacy and effectiveness of controls
Analyzing PSP reporting of cyber and information security incidents
Communicating with PSPs on issues related to ongoing risk assessment activities
Collaborating with colleagues on supervisory actions
Creating business documentation and information repositories.
Helping develop new processes and policies to optimize the Bank’s approach to PSP risk assessment.

What you need to succeed
As a self-motivated critical thinker, you have the following industry knowledge and experience:
*

Cybersecurity principles and risk experience
Comprehensive understanding of cyber security best practices including cyber defence mechanisms and best practices.

Demonstrated knowledge in assessing, managing or supervising cybersecurity practices ideally through regulatory supervisory roles, consulting or experience in second or third line of defence roles.
Strong theoretical and practical knowledge of cyber and IT risk including risk identification evaluation and mitigation.
Understanding of risk management frameworks such as the NIST cybersecurity framework, ISO 27001 etc.

Cybersecurity landscape awareness
Solid understanding of emerging cybersecurity threats, trends, and best practices
Regulatory compliance knowledge
Understanding critical financial sector regulations (such as PCI DSS, SOC 2, GDPR, PIPEDA, RPAA) and other compliance frameworks and how they impact cybersecurity and risk management.
Cyber tools knowledge
Familiarity with cybersecurity tools for risk management, incident response and monitoring platforms in identifying and managing cyber risks.

You are a critical thinker, able to synthetize information and provide quality analyses while considering many factors and perspectives. You are flexible and able to adapt to an evolving work environment and changing priorities. Furthermore, you are able to organize and balance a variety of tasks. You have a proven ability to communicate clearly and adapt your communication style for a wide range of audiences, including senior management and external stakeholders.

You are equally comfortable working collaboratively within a team, or independently. You develop and maintain harmonious relationships with a wide range of business contacts and build supportive working relationships with peers, your leader, as well as internal and external stakeholders.

Nice-to-have

Software development knowledge - understanding of DevOps or DevSecOps processes
Knowledge of incident management and response processes.
Knowledge of cloud technologies and cloud security practices and understanding how they apply to risk management and cybersecurity within cloud environments.
Understanding of secure system architecture and design principles with experience in assessing or advising on system architectures that align with cyber security and risk management best practices.
Knowledge of retail payment service providers, the retail payments ecosystem, or financial technology companies (paytechs or fintechs)
At least one of the following certifications:
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CRISC (Certified in Risk and Information Systems Control)
CGRC (Certified Governance, Risk and Compliance)
CISA (Certified Information Systems Auditor)

Your education
The position requires:

a masters degree in Computer Science, Information Technology, Cyber Security or a related discipline, with four years of relevant experience; or
a minimum bachelors degree in Computer Science, Information Technology, Cyber Security or a related discipline, with six years relevant experience.

A combination of education and experience may be considered. Candidates with degrees in other fields may be considered if they have significant practical cyber-security experience.

What you need to know

Language requirement: The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. The position language requirement is Service to Public PLR 5 (Fully Functional). If a qualified candidate who meets the language requirement of the position is not found, a qualified candidate who does not meet the language requirement may be considered. Training may be provided to help reach the required level. Both bilingual and unilingual candidates are encouraged to apply.
Priority will be given to Canadian citizens and permanent residents
Security level required: Be eligible to obtain Secret
Relocation assistance may be provided, if required
Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
The official title for this position is “Senior Supervisor, Risk Supervision ”

Hybrid Work Model
The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a substantial part of each month as part of the Bank`s hybrid work model, and they are expected on site at the Bank location a minimum of eight days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider.

Salaries are based on qualifications and experience and typically range from $106,739 to $125,575 (job grade 17)
The Bank offers an incentive for successfully meeting expectations at 7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
Flexible and comprehensive benefits so you can choose the level of health, dental disability and life and/or accident insurance coverage that meets your needs
Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
Indexed, defined-benefit pension

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted. #INDEED-HP