Sr. 3rd Party Risk Assessor - 55331

Business Unit: Chief Information Security Office

Duration: Jan 30th 2026

Extension possible: Yes

Conversion Possible: No

Interview Process: 1 round Virtual ( format = Panel )

Work Location: HYBRID, 160 Front Street West Corporate, Toronto, Ontario ( In office 2 days a week )

CANDIDATE PROFILE DETAILS:

Degree/Certifications Required:

Years of experience: 8yrs +

Reason for request/why opened: Replacement

% Interaction with Stakeholders: 70%

Project Scope: BAU

Team Size: 25 ppl

Selling Points of Position: Working within a leading FI organization

SUMMARY OF DAY TO DAY RESPONSIBILITIES:

About the role: We are looking for someone to lead and execute third party cyber risk assessments of the Bank's global suppliers. The assessor will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect the Bank . The assessor may also participate in department initiatives of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

• Coordinate with key risk stakeholders to initiate, scope and plan third party cyber risk assessments of new and existing suppliers of all risk levels.

• Lead or contribute to the completion of third-party cyber risk assessments at the business application, portfolio, or overall enterprise level.,

• Communicate the cyber risk assessment results to internal and external stakeholders.

• Coordinate with risk stakeholders to identify appropriate risk mitigation and remediation plans. Perform validation of the risk mitigation and remediation plans upon implementation.

• Complete assessments in accordance with internal procedures and standards, industry frameworks and best practices.

• Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.

• Contribute to the definition, development, and oversight of a global third-party cyber security management strategy and framework.

• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.

• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.

• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.

Must haves:

3+ years of third party cyber risk assessment/assessor experience.

Expert knowledge of IT security and risk disciplines and practices.

Advanced knowledge of organization, technology controls, security and risk issues.

Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.

Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.

NICE TO HAVE

Information Security Certification / Accreditation is an asset.