Associate Director - Cyber & IT Risk

Job Description

Reporting to the Director, Technology Strategy within Group Risk Management Enterprise Resilience Risk (ERR), you will lead Second Line of Defense engagement across all Regulatory Examinations and Regulatory Issue Remediation. This role involves collaborating with global Cyber and Technology Risk, Business Regulatory & Issues Management, US Regulatory Relations, and Global IT Risk (encompassing Global Cyber Security, Technology & Operations) to ensure compliance with regulatory examination requirements across first and second lines of defense.

This position offers a high-profile opportunity to work within a dynamic framework, providing broad exposure to Technology and Operational Risk Management.

• Perform review and challenge for all regulatory submissions to ensure accuracy, validity, completeness, and alignment with internal RBC policies, standards, and regulatory requirements.
• Identify areas for improvement through regulatory submission analysis, communicating issues, risks, and control gaps to the broader Second Line of Defense team and subject matter experts to facilitate targeted remediation efforts.
• Coordinate and draft Second Line of Defense Regulatory Exam First Day Letter Requests.
• Plan, execute, and deliver Second Line oversight, review, and challenge for regulatory work streams within the US.
• Partner with senior leaders in US Operations and Global Technology to ensure integrated regulatory remediation activities.
• Ensure traceability of remediation outputs to root causes and regulatory responses, securing appropriate governance signoffs as necessary.
• Perform review and challenge for regulatory remediation activities to validate alignment with corrective actions and verify documentation of remediation efforts.
• Track and report on trends and gaps within regulatory activity and submissions.

• Undergraduate degree in Technology or Business, followed by a minimum of 7 years of progressively responsible experience in Technology, IT Risk, or IT Internal Audit, including risk analysis and reporting roles.
• Detail-oriented, operationally focused, and action-driven mindset with a commitment to continuous improvement.
• Demonstrated knowledge of regulatory compliance and risk management within the financial services industry.
• Strong interpersonal, influencing, and communication skills, with the ability to effectively engage stakeholders, regulators, and cross-functional teams.

• Experience with in a large, global financial services organization.
• Certifications such as CISSP, CRISC, or other Information Security credentials.
• 5 years of dedicated IT risk management experience.
• Working knowledge of GRC tools (e.g., Archer, Service Now).

• A comprehensive Total Rewards Program including competitive compensation and flexible benefits such as a 401(k) program with company-matching contributions, health, dental, vision, life, disability insurance, and paid time off.
• Leadership support through coaching and development opportunities.
• Opportunity to make a difference and have a lasting impact.
• Dynamic, collaborative, progressive, and high-performing team environment.
• Challenging work and relationships with clients.