CIBC

Sr. Security Service Manager, Application Security

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years experience in application security and vulnerability management
  • Proficient in security testing methodologies such as SAST, DAST, and SCA
  • Certifications like CISSP, CISA, or CISM are preferred
  • Familiarity with DevSecOps is an asset
  • Strong analytical and critical thinking skills
  • Excellent communication and relationship management abilities

Responsibilities

  • Drive the development of Application Security strategy and governance
  • Oversee implementation and enhancement of security testing processes
  • Measure and report effectiveness of security testing initiatives
  • Prepare compelling documentation for executive leadership
  • Advise teams on integrating security into development workflows
  • Manage security risks in applications and provide prioritized remediation solutions

Benefits

  • Competitive salary and incentive pay
  • Comprehensive benefits program and defined benefit pension plan
  • Employee share purchase plan
  • Flexible work arrangements with a hybrid model
  • Opportunities for growth such as Purpose Day for personal development
  • Engaging workplace culture that encourages teamwork and innovation
Full Job Description
What you will be doing

As a Senior Security Services Manager, Application Security, you will play a pivotal role in advancing CIBC's enterprise-wide Application Security program. Your primary focus will be to strengthen application security testing capabilities and to ensure that security and protection are integrated throughout the development lifecycle of all applications and the lifecycle of all data across the enterprise. Your efforts will directly contribute to safeguarding our clients, employees, and the bank, while supporting CIBC's commitment to a flexible and empowering work environment.

At CIBC we enable the work environment most optimal for you to thrive in your role. You will have the flexibility to manage your work activities within a hybrid work arrangement where you will spend 1-3 days per week on-site, while other days will be remote.

How you will succeed
  • Strategic Leadership and Governance - You will drive the creation and ongoing refinement of the Application Security strategy, with a particular emphasis on advancing security testing methodologies and tools. This role requires strong cross-functional collaboration to gather requirements, develop business cases and lead projects, including proof of concepts, in the capacity of a product owner. Having a continuous improvement mindset is essential, as you will be responsible for identifying and implementing opportunities to enhance both security testing processes and operational efficiency within the domain.
  • Security Testing and Assessment - You will oversee the implementation, management, and continuous improvement of security testing services, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). You will measure and report on the effectiveness of these activities to ensure comprehensive coverage and timely remediation of identified vulnerabilities. Additionally, you will conduct regular reviews and analysis of testing results, trends, and emerging threats, using these insights to inform and strengthen risk mitigation strategies.
  • Communication and Advocacy - You will prepare and deliver clear, compelling documentation and presentations to executive leadership, effectively articulating the value and necessity of security testing initiatives. You will also drive awareness and provide training to application development teams, ensuring they understand the importance and effective use of security testing tools and processes. Your role will include evaluating business needs against current and emerging risks and providing actionable recommendations to strengthen the organization's security posture.
  • Advisory and Relationship Management - You will act as a trusted advisor to application development, operations, and infrastructure teams, guiding them to integrate security testing into their workflows and prioritize remediation efforts based on risk. You will oversee the identification, assessment and management of security risks and design flaws in key applications, offering practical and prioritized solutions. Staying current with the evolving threat landscape and cultivating partnerships with industry peers and vendors will be essential to ensuring CIBC remains at the forefront of application security.


Who You Are
  • You can demonstrate experience in Application Security, Vulnerability Management, and data security standards and best practices. You bring senior-level experience in application security, such as managing SAST, SCA, DAST, or similar security services. It is considered an asset if you have DevSecOps knowledge and experience. You can demonstrate experience in dynamic and static application security testing, penetration testing, web application firewalls, runtime protection, mobile application security, and broader threat and vulnerability management capabilities.
  • You are a certified professional and it is considered an asset if you hold a CISSP, CISA, or CISM designation in good standing.
  • You are passionate about people. You find meaning in relationships and surround yourself with a diverse network of partners. You connect with others through respect and authenticity.
  • You give meaning to data. You enjoy investigating complex problems and making sense of information. You communicate detailed information in a meaningful way.
  • You know that details matter. You notice things that others do not. Your critical thinking skills help to inform your decision making.
  • You embrace and champion change, continually evolving your approach to deliver your best work.
  • Values matter to you. You bring your real self to work, and you live our values - trust, teamwork, and accountability.



What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
  • We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.
  • Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.
  • We cultivate a culture where you can express your ambition through initiatives like Purpose Day, a paid day off dedicated for you to use to invest in your growth and development.


*Subject to plan and program terms and conditions

Job Location
Toronto-81 Bay, 18th Floor

Employment Type
Regular

Weekly Hours
37.5

Skills
Analytical Thinking, Application Security, Application Security Testing, Collaboration, Communication, Continual Improvement Process, Continuous Improvement, Critical Thinking, Dynamic Application Security Testing (DAST), Group Problem Solving, Information Security, Network Operations, Security Operations, Security Risk Assessment, Security Service, Security Standards, Security Strategy, Security Testing, Static Application Security Testing (SAST), Teamwork, Technical Knowledge, Vulnerability Management

About CIBC

The Canadian Imperial Bank of Commerce is a Canadian multinational banking and financial services corporation headquartered in Toronto, Ontario. The bank is headquartered at Commerce Court in the city's Financial District. CIBC's Institution Number is 010, and its SWIFT code is CIBCCATT. It is one of two Big Five banks founded in Toronto, the other being the Toronto-Dominion Bank. The Canadian Imperial Bank of Commerce was formed through the June 1, 1961, merger of the Canadian Bank of Commerce and the Imperial Bank of Canada, the largest merger between chartered banks in Canadian history. The bank has four strategic business units: Canadian Personal and Business Banking, Canadian Commercial Banking and Wealth Management, U.S. Commercial Banking and Wealth Management, and Capital Markets. It has international operations in the United States, the Caribbean, Asia, and the United Kingdom. Globally, CIBC serves more than eleven million clients and has over 40,000 employees. The company ranks at number 172 on the Forbes Global 2000 listing.
Market Cap: $43.5 billion
Industry:
Founded: 1867
5 Year Trend: +8.8%
