Senior Consultant, Cryptographic Service Management

Overview

As a Senior Consultant, Cryptographic Service Management, you will join CIBC’s Cybersecurity department to shape and evolve the enterprise-wide cryptographic strategy. Your role focuses on ensuring the security and resilience of CIBC’s cryptographic services, including Hardware Security Modules (HSMs), key management, X.509 certificates, PKI, cryptographic standards, and readiness for the Post‑Quantum Cryptography (PQC) era.

• Lead Digital Certificate and Key Automation onboarding into CIBC’s enterprise digital certificate and key management platforms. Own the onboarding intake and end‑to‑end delivery by identifying and prioritizing candidate applications, defining onboarding requirements, establishing automation patterns, coordinating technical implementation, and ensuring operational readiness. Document onboarding standards and runbooks, guide application teams through integration (key discovery, issuance, renewal, revocation, policy enforcement), and partner with platform, infrastructure, IAM, and application delivery teams to scale certificate and key automation across the enterprise.
• Provide strategic insights, report on service performance using Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), and ensure the department’s cryptographic services align with enterprise goals, regulatory expectations, and industry best practices.
• Develop and maintain strategic roadmaps for cryptographic data security, leveraging deep knowledge of HSMs, key management, X.509 certificates, PKI, and cryptographic standards. Gather requirements, develop business cases, and lead projects and POCs to support the strategy. Evaluate and implement emerging cryptographic technologies such as Post‑Quantum Cryptography.
• Guide the secure design, implementation, and operation of cryptographic services across the enterprise. Direct the review, development, testing, and implementation of cryptographic security plans, products, and control techniques.
• Lead and support integrations between enterprise platforms, PKI/CA/key services, KMIP, IAM, network and infrastructure services, and diverse application stacks (cloud, on‑prem, containerized, legacy). Define integration requirements and technical designs for key and certificate discovery, enrollment, renewal, rotation, revocation, and policy enforcement.
• Utilize APIs, service accounts, authentication and authorization models (mTLS, OAuth), secrets management, CI/CD and IaC tooling, and operational monitoring to enable resilient automated certificate lifecycle management. Troubleshoot integration issues across application, middleware, and infrastructure layers to remove blockers and accelerate onboarding.
• Build and present documentation to executive management and leadership teams, effectively conveying complex cryptographic concepts, strategies, and the benefits of proposed security programs. Provide awareness and training to application development teams on cryptographic services, data protection, and industry best practices.
• Act as a trusted advisor within the broader team, influencing application development, operational, and infrastructure teams to integrate cryptographic security controls into their design and product delivery. Stay abreast of the latest threat landscape and proactively assess emerging threats and their impact on organizational security posture.
• Define and report on KPIs and KRIs to measure cryptographic service performance and risk. Apply robust problem‑solving skills to analyze complex security challenges and propose effective solutions.

• 8+ years of experience in cryptographic security concepts, including encryption of data at rest, in transit, and in use, key management, and cryptographic controls.
• Robust understanding of data governance, data privacy, and regulatory requirements related to cryptography.
• Experience with key and certificate management systems, protocols, processes, and cryptographic hardware such as HSMs.
• Certified professional with CISSP, CISA, or CISM designation in good standing.
• Degree or diploma in Computer Science, Engineering, or a related field.
• Passion for cryptographic security, vulnerability management, and adherence to industry best practices.

Work 1–3 days per week on‑site in Toronto, 4 days remote.

CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and provide an accessible candidate experience. All candidates must be legally eligible to work in Canada.

Competitive salary, incentive pay, banking benefits, defined benefit pension plan, employee share purchase plan, vacation offering, wellbeing support, and a flexible benefits program.