What You'll Be Doing
The Security Service Management (SSM) function within Cyber Security at CIBC is responsible for ensuring that critical web applications and digital services are protected by robust security controls, in accordance with enterprise frameworks and standards. SSM develops, operationalizes, and continuously improves security services, such as Akamai ION, Web Application Firewall (WAF), and other cloud-based security solutions, to identify vulnerabilities, enforce remediation, reduce risks, ensure regulatory readiness, and enable secure innovation across the bank.
This Senior Consultant, Security Service Management will support CIBC's SSM practices by evaluating new security technologies (e.g., Akamai ION, WAF, DDoS mitigation), developing effective operational plans in partnership with business teams and other risk control groups, and providing security services to the enterprise. The position will be responsible for ensuring that all web-facing applications and services are appropriately risk-assessed, as required by the Risk Assessment Process. The Senior Consultant will work collaboratively with application development, network security, security engineering, and oversight bodies to ensure that all security testing requirements are adhered to and are effective in managing web application and network-related risks.
At CIBC, we foster an environment that enables you to thrive in your role. You'll have the flexibility to manage your work activities within a hybrid work arrangement where you'll spend 1-3 days per week on-site, with the remaining days remote.
How You'll Succeed
- Providing Solutions to Reduce Security Risk: Collaborate with risk management, application security, IAM, DLP, and network security teams to address web and network security needs, embed security features, and reduce operational pain points. Propose solutions to risk and control teams and contribute to enterprise security standards and educational resources.
- Lead the Evaluation and Integration of Security Technologies: Conduct market comparisons and vendor assessments for Akamai and other security platforms, manage vendor selection and proof-of-concept processes, and oversee RFI documentation. Set up testing environments and evaluate solutions for future rollouts.
- Ensure Applications Are Managed and Tested with High Assurance: Work with security vendors to develop and deploy controls that enable identification, assessment, and mitigation of web application and network risks. Ensure compliance with governance requirements and support CIBC's leadership in secure web and digital service delivery. Assist with ongoing risk reporting and reviews.
- Translate Research into Actionable Insights: Monitor and report on trends in web application and network security, document potential threats, and ensure new security features address emerging risks. Develop and refine security processes and tools, and operationalize security controls within the application lifecycle and runtime environments.
- Ignite Innovation: Evaluate the latest features in Akamai ION, WAF, and related services. Support the development and adoption of strategies and success metrics, and actively participate in all security service meetings.
- Develop and Maintain Comprehensive Documentation: Create essential documentation such as RACI matrices, operational processes, playbooks, and procedures for WAF policy management, incident response, and runtime protection. Define workflows, scanning frequency, issue review protocols, and escalation paths for risk assessment. Collect and analyze health check metrics to measure service improvement, maintain backlogs based on service capabilities, and develop data flow diagrams from an architectural perspective. Manage the ServiceNow Catalogue for access and identify new roles for security configuration management. Oversee the end-to-end risk management process for WAF and Akamai ION requests. Ensure enterprise standards are updated with the latest security control requirements and facilitate discussions with stakeholders to finalize all processing documentation.
- Enable Automation: Identify and document opportunities for automation to reduce human effort in testing and assessment processes, and track expected outcomes such as hours saved within operations.
Who You Are
- You can demonstrate 5+ years of experience in security operations and hands-on experience in Akamai ION, WAF, DDoS mitigation, and web application security controls. You understand the production lifecycle and have assessed controls and evidence in regulated environments. You are familiar with NIST and ISO/IEC security standards, and can embed new processes to reduce application and network risk in financial services, translating requirements into pragmatic, auditable security controls. You apply data protection, threat mitigation, security-by-design, and third-party risk practices to safeguard clients and the bank, and support positive outcomes for society.
- You have a degree/diploma in a relevant field (e.g., Computer Science, Engineering, Information Security, Risk Management). Certifications such as CISSP, CISM, or Akamai certifications are assets.
- Your influence makes a difference. You know that relationships and networks are essential to success. You inspire outcomes by sharing your expertise.
- You act like an owner. You thrive when you're empowered to take initiative, go above and beyond, and deliver results.
- You embrace and advocate for change. You continuously evolve your thinking and the way you work in order to deliver your best.
- You look beyond the moment. You know what you do will make a difference today and tomorrow. You look for new opportunities to define what's possible.
- Values matter to you. You bring your real self to work and you live our values - trust, teamwork, and accountability.
What CIBC Offers
At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
- We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
- Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
- We cultivate a culture where you can express your ambition through initiatives like Purpose Day, a paid day off dedicated for you to invest in your growth and development.
*Subject to plan and program terms and conditions
Job Location: Toronto-141 Bay, 17th Floor
Employment Type: Regular
Weekly Hours: 37.5
Skills: Application Security, Business Operations, Cybersecurity, Information Security, Network Security, Security Service