Principal Analysts, Data Security & Technical Standards, Consumer-Driven Banking

Take a central role

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment. 

Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.  

With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers:  Working Here - Bank of Canada

Find out more about the next steps in our Recruitment process. 

This process may be used to fill multiple term or permanent positions within the Consumer-Driven Banking team over time. Due to the anticipated volume of hiring, the assessment process may extend over a longer period, with candidates being assessed on an ongoing basis.

Application Process

Your application must include the following:

• Curriculum vitae; and
• Cover letter outlining how your skills and qualifications meet the requirements for the role.

About the Bank of Canada’s New Mandate to Oversee Consumer-Driven Banking

Through the 2025 Federal Budget the Government of Canada has given the Bank of Canada the mandate to oversee the Consumer-Driven Banking Act.

Consumer-Driven Banking is a framework that enables consumers to provide consent to share their financial data with financial companies of their choice. Within this framework, consumers can control, manage, edit, and delete their information, and decide when, how, and to what extent their financial institution shares that information. By enabling consumers to safely and confidently use their financial information, Consumer-Driven Banking has the potential to expand choice, foster innovation in financial products and services, and strengthen competition across the financial sector.

Under the Consumer-Driven Banking mandate, the Bank of Canada will:

• Accredit entities to participate in the framework’s data-sharing ecosystem;
• Maintain a registry of accredited entities;
• Supervise participating entities so that they are managing their risks associated with sharing consumers’ data– this includes assessing participating entities’ compliance with requirements related to:
  • Data sharing;
  • Management of consumers’ express consent to share data;
  • Consumer protection measures;
  • Complaints handling procedures and processes;
  • Security safeguards to protect consumer data; and
  • Technical standards for sharing consumer data.
• Oversee accredited third-party service providers, an external complaints body, and a technical standards body for their compliance with their requirements under the Consumer-Driven Banking Act; and
• Monitor developments, evaluate trends, and foster competition in Consumer-Driven Banking.

You will act as a key member of the team responsible for the development and implementation of the new supervisory framework operating within ambitious timelines while creating a new regulatory environment.

You will apply your experience and expertise to develop guidance, supervisory practices, and assessment criteria to support the Bank of Canada’s evaluation of entities’ compliance under the Consumer-Driven Banking Act.

Through this posting, we are hiring Principal Analysts across two streams:

1. Technical Standards
2. Data Security

Please indicate in your application which stream is of greatest interest.

ABOUT THE ROLES

Principal Analysts support the Bank’s supervisory mandate under the Consumer-Driven Banking Framework by developing supervisory guidance, approaches, and risk assessment methodologies.

Across all streams, you will:

• Contribute to the development of supervisory guidance and assessment criteria;
• Support the design and implementation of supervisory processes and tools
• Contribute to the development of the Bank’s risk-based approach for supervision;
• Assess risks and controls across participating entities; and
• Translate technical issues into supervisory and risk implications.

1. Technical Standards

Technical standards enable secure and consistent data exchange across financial institutions and third-party providers through common rules such as API specifications, authentication protocols, and data formats. In this stream, you will provide expertise to supervise technical standards for consumer-driven banking.

Key expertise:

• API & Systems Architecture Literacy – Deep understanding of API based ecosystems including authentication, authorization, encryption, and interoperability across institutions.
• Controls Based Technology – Experience assessing IT general controls, application level controls, configuration and change management reviews, and third party risk controls.
• Assessment of Cyber Risk Controls – Ability to assess risks arising from technical standards themselves, including systemic, ecosystem wide, operational, security, and fraud risks.
• Testing & Conformance Assessment – Experience verifying technical standards including reviewing results from: conformance tests, interoperability testing, self attestation, and independent testing.

2. Data Security

Data security standards protect the confidentiality, integrity, and availability of financial data shared across the ecosystem. In this stream, you will assess risks related to data protection, access, and external dependencies (e.g., cloud, third parties).

Key expertise:

• Information and Asset Security – Experience developing, implementing, assessing, and testing data security controls across assets and processes used to store, process, and transmit information.
• Third Party Outsourcing and Cloud – Ability to identify and protect against data security risks related to outsourcing.
• Intrusion and Incident Detection and Response – Experience monitoring, detecting, and responding to threats to data security.
• Risk Management and Compliance – Ability to conduct risk assessments and ensure the storage, transit, and manipulation of data follows regulatory frameworks.

BOTH STREAMS: WHAT YOU WILL NEED TO SUCCEED

• Technical Advisory & Oversight – Ability to understand, challenge, and assess technical decisions and translate them into risk impacts.
• Project Management – Organize work, manage competing priorities, and deliver in a fast-paced environment. Translate business requirements into IT processes using an agile approach.
• Collaboration – Build strong relationships, align with team priorities and decisions, and seek diverse perspectives.
• Effective Communication – demonstrate strong oral and written communication skills, including an ability to convey complex technical concepts clearly to both technical and non-technical audiences.
• Problem Solving – Analyze complex regulatory, financial, and technical issues and propose practical solutions.
• Self-starter – Take initiative and proactively identify next steps to move work forward; comfortable working with ambiguity as new elements of the framework and its implementation evolve in parallel.
• Coaching & Leadership – Support and mentor junior team members.

Nice-to-have

• Knowledge of consumer-driven banking, including regulatory approaches and risk management.
• Experience developing and implementing supervisory/regulatory frameworks.
• Practical experience with, or knowledge of, risk-management practices at payments firms, technology firms, and financial institutions.
• Practical experience as a financial sector supervisor.

Your education and experience

Your combined education and experience demonstrate the depth of expertise required for the role. Typically, this includes:

• A relevant degree or diploma
• Six (6) or more years of progressive experience in:
  • Information or data security
  • Cyber or technology risk
  • Technical standards or APIs
  • Technology risk management

Innovative Mindset
We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things. 

Language requirement

The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French.  The position language requirement is Level 5 (Fully Functional).  If a qualified candidate who meets the language requirement of the position is not found, a qualified candidate who does not meet the language requirement may be considered. Training may be provided to help reach the required level.  Both bilingual and unilingual candidates are encouraged to apply. 

What you need to know

• Priority will be given to Canadian citizens and permanent residents
• Security level required: Be eligible to obtain Secret 
• Relocation assistance may be provided, if required
• Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.

Hybrid Work Model
The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office. 

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider. 

• Salaries are based on qualifications and experience and typically range from $126,765 to $149,135 (job grade 18)
• The Bank offers an incentive for successfully meeting expectations at  7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
• Flexible and comprehensive benefits so you can choose the level of health, dental disability and life and/or accident insurance coverage that meets your needs
• Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
• Indexed, defined-benefit pension

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.