About the position

We are seeking a detailed and risk-oriented individual to join our forward-thinking Cybersecurity Third-Party Risk Management Program within the Cyber Security Division.
Reporting to the Assistant Director, Cyber Architecture and working closely with Cyber Third-Party Risk Management Lead, you will work in a fast-paced and innovative environment enabling Canada’s central Bank to work securely.

What you will do 

This is an excellent opportunity to join a dynamic and highly skilled team of cyber specialists working in a fast-paced and innovative environment enabling Canada’s central Bank to work securely. As an IT Security Assessment Specialist, you support the cyber third-party risk management (C-TPRM) program at the Bank. This includes following a defined C-TPRM methodology, managing the risk assessments, and due diligence processes, both at on-boarding and throughout the lifecycle of a vendor relationship. You would ensure vendor cyber risks are captured and reported to all stakeholders. In addition, you play an important role in educating and collaborating with business owners, security solutions architects, solutions integrators, principal consultants, project managers, legal and privacy teams to collect necessary details and assurance documentation and advise on identified vendor cyber risks to the Bank of Canada.

What you need to succeed

• Familiarity with risk management
• Familiarity with security risk assessment methodologies and reporting.
• Knowledge of security best practices and security frameworks (NIST 800-53) 
• Familiarity with security attestation reporting and certifications such as SOC 2, ISO 27001, CSA STAR
• Familiarity with OWASP Top 10 
• Ability to systematically analyze information, define problems and draw logical conclusions
• Process driven coupled with being an excellent communicator, both oral and written
• Innovative problem solver, self-starter, and effective team player 
• Understanding of the fundamentals of cloud service offerings (IaaS, PaaS, SaaS) as well as the shared responsibility model of each
• Practical experience with the implementation of cyber assessment process 

Assets

• Experience as a third-party assessor or internal or external auditor, providing consultation services to public sector organizations or Crown corporations. 
• Relevant certification (CISSP, CISM, CRISC, or other relevant cybersecurity certifications)

Your education and experience

The position requires a university degree or 3-year college diploma in computer science, software or systems engineering, or a related discipline with minimum of three (3) years of recent work experience directly related to one or more of the following areas:

• Third-party risk assessment
• Technical vulnerability assessment and penetration testing (including at the application layer)
• Application security, including secure coding practices or technical security risk assessment/security audits on web, server or desktop applications or an equivalent combination of education and experience may be considered. 

Innovative Mindset

We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things. 

Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve second their language proficiency for future career growth and to contribute towards fostering a bilingual environment.

What you need to know

• • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Be eligible to obtain Secret 
  • There will be no relocation assistance provided
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available. 

Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.  

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider. 

• • Salaries are based on qualifications and experience and typically range from $94,193 to $110,816 (job grade 16)
  • The Bank offers an incentive for successfully meeting expectations at  5 to 7% of your base salary. The Bank offers additional performance pay (3%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.