Senior Analyst, IT Risk (Global Security)

Job Summary

The Senior Analyst, IT Risk will perform risk-based testing activities that independently evaluate the design and effectiveness of IT controls and further assist with the enhancement and execution of the IT Control Testing and Monitoring. This role will primarily support the identification and mitigation of IT and regulatory risks and operational issues and will also assist in the maintenance of operational and IT control procedures. This is an advanced senior professional with wide- ranging experience who uses professional concepts to resolve complex issues. Serves as an expert in their own discipline or area of specialization. This dynamic position provides opportunities for working across the organization.

Job Description

What Will You Do?

• Internal Control Testing: Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.

• Execute Control Testing: Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices. Responsible for executing Control Assessments (i.e., Testing) of Technology and Operation’s [T&O’s] first line Key Controls across various domains (including Cyber security, Cloud Operations, Service and Capacity management, Network Operations). May act as designated lead tester/reviewer of control testing engagements.

• Conduct Concurrent Control Testing Engagements: Collaborate internally and externally across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines. Identify potential issues, conflicts, and risks, and escalating as necessary.

• Control Testing Reporting: Analyze, aggregate, and articulate the results, issues, and recommendations related to control testing activities or other control monitoring activities and regulatory exams.

• Stakeholder Collaboration: Establish and maintain strong working relationships across business units and platforms. Collaborate with various groups to define and achieve deliverables, acting as a trusted advisor on control documentation and testing.

• Control Deficiency Management: Coordinate with stakeholders to log, manage, and track control deficiencies. Assess remediation plans to ensure they are designed to effectively reduce risk and verify that corrective actions are implemented according to plan.

• Subject Matter Expertise: Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards.

• Stay Informed: Maintain a thorough understanding of external technology and cybersecurity trends, emerging technologies, and internal technology and cyber risk management approaches. Collaborate with other teams on IT risk-related initiatives to provide guidance and ensure the organization's risk posture aligns with its overall risk appetite. Maintain thorough understanding of organization's governing policies and standards, IT control testing methodologies, and related regulatory and compliance standards

What You Need to Succeed? Must have:

• Educational Background & Certifications: Degree in Computer Science, Engineering, or a related field is required. Either CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Security Auditor), or CISSP (Certified Information Systems Security Professional) is preferred.

• Experience: Minimum of 5 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance. Ideally, within the financial services industry, a public accounting firm, or a financial institutions regulator.

• Technical Proficiency: A strong understanding of technology and cyber risk management is crucial. Experience with IT risk management practices is highly valued.

• Project Management & Organizational Skills: Strong organizational, project management, and time management capabilities are essential. You must be deadline-driven and results-oriented, able to consistently meet high-quality standards while managing multiple tasks and deadlines.

• Communication Skills: Demonstrated excellence in both written and oral communication is a must. You should be proficient in effectively and timely communicating with stakeholders, understanding their information and communication needs, and presenting information clearly and persuasively.

• Analytical Thinking: Strong analytical and rational thinking, supported by solid writing skills are essential for documenting and communicating test work effectively. You should be able to grasp stakeholder expectations and align your communication accordingly.

• Industry Insight: An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role.

Nice-to-have:

• A strong understanding of financial services industry and experience with Compliance and Industry framework such as ISO27001, NIST 800-53, NIST CSF, NIST 800-171, COBiT etc.

• Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.

• Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.

• Working experience in cybersecurity and/or IT risk management spaces.

• Big Four (4) IT risk consulting and/or audit experience.

What's In It For You?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.

• Leaders who support your development through coaching and managing opportunities

• Ability to make a difference and lasting impact.

• Work in a dynamic, collaborative, progressive, and high-performing team

• A world-class training program in financial services

• Flexible work/life balance options.

• Opportunities to do challenging work.

#LI-Hybrid

#LI-POST

Job Skills

Analytical Thinking, Confidentiality, Control Monitoring, Controls Testing, Cyber Security Management, Cybersecurity Risk Management, Decision Making, Detail-Oriented, Documentations, Encryption Software, Group Problem Solving, High Impact Communication, Information Security Management, Information Technology (IT) Risk, Information Technology (IT) Risk Management, Information Technology Auditing, Information Technology Compliance, Information Technology General Controls (ITGC), Information Technology Security, Internal IT Audit, IT Compliance Audit, Risk Assessments, Risk Management, Teamwork

Additional Job Details

Address:

335 8 AVE SW:CALGARY

City:

CALGARY

Country:

Canada

Work hours/week:

37.5

Employment Type:

Full time

Platform:

TECHNOLOGY AND OPERATIONS

Job Type:

Regular

Pay Type:

Salaried

Posted Date:

2025-05-08

Application Deadline:

2025-06-16

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.

Join our Talent Community

Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.

Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.