This posting may also be used to fill additional roles, either term or permanent, within the Consumer-Driven Banking team as they become available in the near future.

Application Process

Your application must include the following: 

• Curriculum vitae; and
• Cover letter outlining how your skills and qualifications meet the requirements for the role.

About the Bank of Canada’s New Mandate to Oversee Consumer-Driven Banking

Through the 2025 Federal Budget the Government of Canada has given the Bank of Canada the mandate to oversee the Consumer-Driven Banking Act.

Consumer-Driven Banking is a framework that allows consumers to share their financial data with financial companies of their choice. Within the framework, consumers may control, edit, manage, and delete their information. Consumers may decide when, how, and to what extent their financial institution shares information with financial companies. Providing a framework that allows consumers to safely and confidently use their financial information can help improve their choices with new financial products and services while keeping their information safe.

Under the Consumer-Driven Banking mandate, the Bank of Canada will:

• Accredit entities to participate in the framework’s data-sharing ecosystem;

• Maintain a registry of accredited entities;

• Supervise participating entities and make sure the risks associated with data sharing are appropriately managed – this includes assessing participating entities’ compliance with the following Consumer-Driven Banking Act requirements for:

•  
• Data sharing;
• Security safeguards;
• Technical standards;
• Consent management;
• Consumer measures;
• Complaints procedures;
• Oversee accredited third-party service providers, an external complaints body and a technical standards body to determine whether they are compliant with the provisions of the Consumer-Driven Banking Act;
• Monitor and evaluate trends and emerging issues that may have an impact on consumers of consumer-driven banking; and
• Foster competition in the financial sector in the interests of consumers.

The Bank of Canada is undergoing preparations to implement this new mandate through contributions to the regulatory development process (led by the Department of Finance) and internal work to design and implement a supervisory framework.

What you will do

You will act as a key member of the team responsible for the development and implementation of the new supervisory framework operating within ambitious timelines while creating a new regulatory environment.

You will apply your experience and expertise to develop data security standards for entities participating in Consumer-Driven Banking along with assessment criteria to support the Bank of Canada’s evaluation of compliance.

Data security safeguards are a key requirement for securely sharing consumer data within the Consumer-Driven Banking Framework. Given the diversity of participating entities’ sizes, business models, and risk profiles, you will help define minimum security safeguards, as well as incident reporting and remediation requirements, to help participants manage risks related to protecting consumer data.

Data security requirements will draw on established information security standards and will include, but are not limited to:

• System and application security;
• Access control and authentication;
• Data protection and encryption;
• Network and infrastructure security;
• Third-party and cloud security;
• Security awareness and training; and
• Incident management and remediation.

You will contribute to the development of these requirements, publishing guidance to support compliance by participating entities, design reporting requirements and develop evaluation criteria to assess the effectiveness of data security controls.

You will also support the design of supervisory processes for day-to-day supervision of participating entities and help codify these processes into an IT system to enable effective supervision. In addition, you will contribute to the development of the Bank’s risk assessment approach under the Consumer-Driven Banking Framework.

What you will need to succeed

• Information and Asset Security– Experience developing, implementing, assessing, and testing controls to data security risks across the assets and processes used to store, process, and transmit information with a strong ability to provide sound, practical advice on a broad range of data security issues.
• Third Party Outsourcing and Cloud – Ability to identify and protect against data security risks related to outsourcing.
• Intrusion and Incident Detection and Response – Experience monitoring, detecting, and responding to threats to data security.
• Risk Management and Compliance – Ability to conduct risk assessments and ensure the storage, transit, and manipulation of data follows regulatory frameworks.
• Project Management – Ability to manage projects, organize work, balance multiple priorities, propose effective approaches, and deliver under tight deadlines. Experience translating business requirements and supporting their adoption into IT processes using an agile approach.
• Collaboration – Ability to build positive working relationships by supporting team decisions, constructively addressing conflict, seeking diverse perspectives, and aligning work to team priorities while being responsive to requests for support.
• Effective Communication Skills – Strong oral and written communication skills, including an ability to adapt the delivery of your communication style to a wide variety of internal and external audiences.
• Problem Solving – Demonstrated ability to a to analyze statutory, financial, payments, and risk information and to apply innovative thinking to complex policy issues.  
• Self-starter –Take initiative and proactively identify next steps to move work forward; comfortable working with ambiguity as new elements of the framework and its implementation evolve in parallel. 

Nice-to-have

• Relevant industry certification such as CISSP, CISA/CISM, CRISC, GSNA, and/or PCI-DSS
• Knowledge of consumer-driven banking, including regulatory approaches, risk management, and technical standards.
• Experience developing and implementing supervisory/regulatory frameworks
• Practical experience with, or knowledge of, risk-management practices at payments firms, technology firms, and financial institutions.
• Practical experience as a financial sector supervisor

Your education and experience

This position requires a Bachelor’s degree in computer science, information security, information systems, computer engineering, or another relevant discipline and six (6) or more years of progressively responsible experience in information security, data security, cyber risk, or technology risk management.

Your combination of education and professional experience demonstrates the depth of expertise, judgment, and analytical capability required to support the Bank of Canada’s supervisory mandate under Consumer‑Driven Banking.

Innovative Mindset

We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things. 

Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.

What you need to know

• • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Be eligible to obtain Secret 
  • There will be no relocation assistance provided
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available. 

Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.  

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider. 

• • Salaries are based on qualifications and experience and typically range from $111,051 to $130,649 (job grade 17)
  • The Bank offers an incentive for successfully meeting expectations at  7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.