About the Position  

We are seeking an innovative and dedicated individual to join our forward-thinking Cyber Architecture and Assurance (CAA) Portfolio within the Cyber Security Division.  

Reporting to the Assistant Director, Cyber Assurance, you will be part of a dynamic and highly skilled team of cyber specialists enabling Canada's Central Bank to work securely. With the increase in sophistication and frequency of cyber-attacks, cyber security has been identified as a top priority at the Bank of Canada.  

The focus of this role is to lead the technical integration and evolution of the Bank’s Vulnerability and Exposure Management program, with a specific emphasis on securing Cloud solutions (SaaS, IaaS, and PaaS).  

What You Will Do  

You will combine strong analysis, problem-solving, and communication skills to serve as a technical expert for the Assurance team. You will be responsible for defining how the organization identifies, prioritizes, and remediates risk across a hybrid environment.  

Key Responsibilities:  

• Program Stewardship: Lead the design, integration, and operationalization of Vulnerability and Exposure Management capabilities. You will act as the technical authority for building and maintaining the program, ensuring it scales with the Bank's aggressive move to the Cloud.  

• Cloud Compliance & Azure Policy: Manage the Bank’s cloud security posture by designing and implementing Azure Security Policies. You will configure monitoring for policy violations, analyze alerts, and define automated or guided remediation actions to address non-compliance.  

• Metrics & Reporting: Develop and manage Key Performance Indicators (KPIs) and risk metrics that demonstrate the effectiveness of the vulnerability management control. You will translate technical data into business-consumable insights for leadership.  

• Stakeholder Engagement: Act as the primary advocate for Exposure Management. You will meet regularly with portfolio clients to explain their specific risk exposure, educate them on vulnerability impact, and provide clear, actionable guidance on remediation steps.  

• Innovation: Conduct pilots and proof of concepts related to automated remediation, AI-driven risk analysis, and advanced cloud monitoring to reduce the organization's attack surface. Bring your curiosity and practical experience with Artificial Intelligence to help us explore how emerging AI capabilities can streamline vulnerability management and outpace evolving threats.  

Mentorship and Capability Development  

• Technical Mentorship: Provide technical direction, coaching, and mentorship to team members and consultants within the Assurance team. You will guide their work on technical assessments and ensure alignment with CAA objectives.  

• Knowledge Sharing: Actively share expertise with colleagues to build the team's collective technical capability, fostering a culture of continuous learning and innovation.  

• Influence: Drive technical consensus and best practices without direct managerial authority, leveraging your expertise to guide the team's approach to Cloud Security.  

What You Need to Succeed  

You are a self-starter capable of grasping new information and providing innovative solutions in a team environment. You move easily between deep technical configuration and high-level business communication. You can navigate ambiguous situations and complex problems, using your expertise to find a potential solution. You rapidly and positively adapt to—and champion—change, embrace new ways of working, and stay resilient while supporting others through shifting priorities and ongoing disruption.  

Required Experience:  

• Vulnerability Program Management: Proven experience building, maturing, and maintaining a Vulnerability and Exposure Management program in a complex enterprise environment.  

• Cloud Security Expertise: Deep proficiency with Microsoft Azure, specifically regarding Azure Policy, Defender for Cloud, and cloud compliance monitoring. You understand how to detect and respond to policy violations in real-time.  

• Data & Analytics: Experience defining and generating metrics that tell a story of "Control Effectiveness" rather than just counting bugs.  

• Consulting & Communication: Strong ability to explain complex security risks to non-technical stakeholders. You can influence portfolio owners to prioritize remediation without being adversarial.  

Technical Knowledge:  

• Cyber Architecture and Assurance (CAA) concepts.  

• Vulnerability Scanning and Management tools (e.g., Qualys, Tenable, Defender).  

• Cloud technologies including SaaS, IaaS, and PaaS platforms.  

• Implementing data analytics use cases for monitoring CAA activities.  

Your Education and Experience  

• Relevant degree/diploma in Computer Science, Cyber Security, or Engineering.  

• 5+ years of relevant experience in Cyber Security with a focus on Vulnerability Management or Cloud Security Architecture.  

• 7+ years of relevant total career experience