Job Description

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

What You’ll Be Doing

The Security Service Management (SSM) function within Cyber Security at CIBC is responsible for ensuring that critical web applications and digital services are protected by robust security controls, in accordance with enterprise frameworks and standards. SSM develops, operationalizes, and continuously improves security services—such as Akamai ION, Web Application Firewall (WAF), and other cloud-based security solutions—to identify vulnerabilities, enforce remediation, reduce risks, ensure regulatory readiness, and enable secure innovation across the bank. This Senior Consultant, Security Service Management will support CIBC’s SSM practices by evaluating new security technologies (e.g., Akamai ION, WAF, DDoS mitigation), developing effective operational plans in partnership with business teams and other risk control groups, and providing security services to the enterprise. The position will be responsible for ensuring that all web-facing applications and services are appropriately risk-assessed, as required by the Risk Assessment Process. The Senior Consultant will work collaboratively with application development, network security, security engineering, and oversight bodies to ensure that all security testing requirements are adhered to and are effective in managing web application and network-related risks.

At CIBC, we foster an environment that enables you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, with the remaining days remote.

How You’ll Succeed

• Providing Solutions to Reduce Security Risk Collaborate with risk management, application security, IAM, DLP, and network security teams to address web and network security needs, embed security features, and reduce operational pain points. Propose solutions to risk and control teams and contribute to enterprise security standards and educational resources.
• Lead the Evaluation and Integration of Security Technologies: Conduct market comparisons and vendor assessments for Akamai and other security platforms, manage vendor selection and proof-of-concept processes, and oversee RFI documentation. Set up testing environments and evaluate solutions for future rollouts.
• Ensure Applications Are Managed and Tested with High Assurance: Work with security vendors to develop and deploy controls that enable identification, assessment, and mitigation of web application and network risks. Ensure compliance with governance requirements and support CIBC’s leadership in secure web and digital service delivery. Assist with ongoing risk reporting and reviews.
• Translate Research into Actionable Insights Monitor and report on trends in web application and network security, document potential threats, and ensure new security features address emerging risks. Develop and refine security processes and tools, and operationalize security controls within the application lifecycle and runtime environments.
• Ignite Innovation Evaluate the latest features in Akamai ION, WAF, and related services. Support the development and adoption of strategies and success metrics, and actively participate in all security service meetings.
• Develop and Maintain Comprehensive Documentation Create essential documentation such as RACI matrices, operational processes, playbooks, and procedures for WAF policy management, incident response, and runtime protection. Define workflows, scanning frequency, issue review protocols, and escalation paths for risk assessment. Collect and analyze health check metrics to measure service improvement, maintain backlogs based on service capabilities, and develop data flow diagrams from an architectural perspective. Manage the ServiceNow Catalogue for access and identify new roles for security configuration management. Oversee the end-to-end risk management process for WAF and Akamai ION requests. Ensure enterprise standards are updated with the latest security control requirements and facilitate discussions with stakeholders to finalize all processing documentation.
• Enable Automation: Identify and document opportunities for automation to reduce human effort in testing and assessment processes, and track expected outcomes such as hours saved within operations.

Who You Are

• You can demonstrate 5+ years of experience in Security operations and hands-on experience in Akamai ION, WAF, DDoS mitigation, and web application security controls. You understand the production lifecycle and have assessed controls and evidence in regulated environments. You are familiar with NIST, ISO/IEC security standards, and can embed new processes to reduce application and network risk in financial services, translating requirements into pragmatic, auditable security controls. You apply data protection, threat mitigation, security-by-design, and third-party risk practices to safeguard clients and the bank, and support positive outcomes for society.
• You have a degree/diploma in ­­­­­­­­­­­­­­­­­­relevant field (e.g., Computer Science, Engineering, Information Security, Risk Management). Certifications such as CISSP, CISM, or Akamai certifications are assets.
• Your influence makes a difference. You know that relationships and networks are essential to success. You inspire outcomes by sharing your expertise.
• You act like an owner. You thrive when you're empowered to take initiative, go above and beyond, and deliver results.
• You embrace and advocate for change. You continuously evolve your thinking and the way you work in order to deliver your best.
• You look beyond the moment. You know what you do will make a difference today and tomorrow. You look for new opportunities to define what's possible.
• Values matter to you You bring your real self to work and you live our values - trust, teamwork, and accountability.

#LI-TA

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com

• CIBC is committed to clarity in our hiring process. All roles posted are opportunities we’re actively recruiting for, unless stated otherwise.

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

• We may ask you to complete an attribute-based assessment and other skills test (such as simulation, coding, French proficiency).

• We use artificial intelligence tools during the recruitment process. Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

Toronto-141 Bay, 17th Floor

Employment Type

Regular

Weekly Hours

37.5

Skills

Application Security, Business Operations, Cybersecurity, Information Security, Network Security, Security Service