Job DescriptionWhat is the opportunity? As part of the Group Risk Management (GRM) Enterprise Resilience Risk team, the Director, Cyber & Technology Risk will be responsible for providing Cyber and IT Risk Management subject matter expertise in the form of oversight and challenge to the first line of defense operating teams in the areas of AI, technology architecture, cloud, and emerging technologies globally.
This includes:
- Providing an opinion on RBC's Technology risk posture.
- Developing Key Risk Indicators (KRIs) to measure and monitor Cyber & Technology Risk.
- Contributing to the development of enterprise policies and standards governing emerging technology risk.
As Second Line of Defense, the incumbent will lead a team working closely with the cyber and technology teams to provide an independent opinion on Cloud, AI, and Emerging Technology Risks, leveraging both quantitative (risk indicators) and qualitative methods. Additionally, the IT / Cyber role includes:
- Keeping abreast of new and emerging technologies, AI, and generative AI to strengthen the control environment.
- Oversight of cloud, technology architecture, AI and emerging technologies
- Oversight of blockchain, digital assets, wallet infrastructure, and blockchain-connected systems.
- Supporting Cyber and Technology Risk Management leadership in delivering oversight and challenge processes, developing and utilizing effective risk appetite metrics, and performing thematic reviews to identify potential risk areas and remediation recommendations.
What will you do? - Champion managing risk rather than risk avoidance by seeking solutions.
- Maintain knowledge of emerging technologies, threats/vulnerabilities, and risk management practices and their implications to the business platform.
- Leverage data-driven insights to provide opinions and challenge on key risk indicators.
- Support the completion of thematic reviews, scenario analysis, external event analysis, new change initiative assessments, and development of risk profiles for senior management, board, and regulators.
- Work closely with the first line to provide effective cyber and technology oversight and challenge on Risk and Control Self-Assessments, Operational Risk Event Reviews, IT Risk Assessments, and Integrated Risk Profiles to validate the business is operating within Risk Appetite.
- Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the IT/Cyber Risk profile.
- Provide oversight and effective challenge on AI and generative AI IT/Cyber risks within the 2nd line of defense, including in-depth risk reviews of solutions and approaches being deployed.
- Oversee blockchain-related projects, ensuring alignment with regulatory and internal risk requirements.
- Monitor emerging blockchain threats and vulnerabilities, providing actionable insights to stakeholders.
- Develop and maintain key internal and external relationships to provide advice and oversight on standard compliance, support operational risk program adherence, and effective incident reporting.
- Support IT/Cyber-related regulatory examinations, requests, assessments, and reporting.
- Recommend changes to IT/Cyber policies and standards to maintain currency and relevance to Cloud, AI, emerging technologies, and blockchain-enabled platforms.
- Proactively manage complex and sometimes competing relationships with key local, regional, and global stakeholders.
What do you need to succeed?Must-have- 7-10 years of experience in cyber and technology security.
- 7-10 years of work experience in a mid-large size organization.
- 3-5 years as a Cloud Security professional.
- 3-5 years of hands-on application development experience.
- Strong knowledge of Cloud platforms and offerings, Cloud Risks, and Cloud application deployments.
- Expertise in Cloud and Blockchain Integration, including API security, data privacy, and hybrid cloud environments.
- Strong understanding of AI, generative AI, and machine learning concepts, including ML/AI model development and risk management best practices.
- Strong knowledge of IT security frameworks, regulations, and industry best practices.
- Proficiency in enterprise technology/security architecture.
- Expertise in blockchain architecture, governance models (e.g., DAOs), and cryptographic principles.
- Knowledge of digital asset custody, tokenized assets, and associated risks.
- Experience in managing a team.
- Education: Bachelor's Information Security / Information Technology / Computer Science or relevant experience.
Nice-to-have- Experience within Operational Risk.
- Experience in developing metrics (KRIs or KPIs).
- Experience working with cross-functional teams in agile environments.
- Familiarity with global and local regulations related to digital assets (e.g., AML, KYC, sanctions compliance).
- Knowledge of blockchain-specific attack vectors (e.g., 51% attacks, Sybil attacks, oracle manipulation).
- Certifications: CISSP, CRISC, CCSP, CCSK, AWS Security, Azure Security, CISM, CRISC, Certified Blockchain Security Professional (CBSP), Certified Blockchain Expert (CBE).
What's in it for you? - A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation
- Leaders who support your development through coaching and managing opportunities
- Work in a dynamic, collaborative, progressive, and high-performing team
- Opportunities to do challenging work
- Flexible work/life balance options
Job SkillsArtificial Intelligence (AI), Artificial Intelligence (AI) Governance, Blockchain Architecture, Blockchain Technology, Cloud Security, Cloud Solutions, Critical Thinking, Cyber Risks, Cybersecurity Controls, Cyber Security Management, Cybersecurity Risk Management, Decision Making, Detail-Oriented, Emerging Technologies, Information Security Management, Information Technology (IT) Risk, Information Technology (IT) Risk Management, Information Technology Security, Interpersonal Relationship Management, IT Security Architecture, Operational Risks, Performance Management (PM), Quantum Computing, Technology Risk
Additional Job DetailsAddress:20 KING ST W:TORONTO
City:Toronto
Country:Canada
Work hours/week:37.5
Employment Type:Full time
Platform:GROUP RISK MANAGEMENT
Job Type:Regular
Pay Type:Salaried
Posted Date:2026-05-29
Application Deadline:2026-06-15
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above
