Third Party Security Risk Manager

Join a Challenger

Being a traditional bank isn’t our thing. We believe in innovating the banking experience because Canadians deserve better options. Our inquisitive and agile team finds smarter ways of doing things. If you’re not afraid of big challenges and redefining the future, you belong with us. We encourage growth, fun, questions, and learning together.

We are a growing family serving over 670,000 people across Canada through Equitable Bank, Canada's Challenger Bank, with over 50 years of history. Our digital platform, eqbank.ca, has been named one of the top banks in Canada on the Forbes World's Best Banks list since 2021.

The Third-Party Security Risk Manager will work with technology and business teams to mitigate security risks from partners and vendors, enabling secure growth and service delivery.

1. Perform third-party security risk assessments.
2. Monitor and report on third-party security risk action plans, engaging with stakeholders.
3. Maintain the third-party security risk management framework, ensuring alignment with risk and privacy standards.
4. Provide security input to third-party contracts, ensuring compliance with cybersecurity regulations and policies.
5. Identify supplier-related cyber risks and evaluate based on security programs and architecture.
6. Monitor compliance programs, ensuring ongoing evidence collection and validation.

• A college diploma or university degree; higher accreditation preferred.
• At least 5 years in information security and risk management.
• At least 3 years in third-party risk management, including assessments.
• Understanding of Cloud shared responsibility models and risk mitigation.
• Experience with security frameworks like PCI DSS, NIST, ISO 27K, etc.
• Knowledge of Canadian financial regulations (OSFI, OPC).
• Certifications such as CCSP, CISSP, CISM are preferred.
• Experience in banking or financial services is an asset.

• Lead and guide the security risk management team.
• Develop and implement security policies and procedures.
• Manage security risks throughout their lifecycle.
• Ensure compliance reporting accuracy.
• Perform penetration testing and manage vulnerability tracking.
• Administer GRC solutions and improve processes.
• Coordinate with audit and compliance teams.
• Ensure security controls are properly implemented and embedded.

• Competitive bonus and RRSP match.
• Comprehensive benefits: medical, dental, vision, life, disability.
• Employee Share Purchase Plan.
• Maternity/Parental top-up.
• Generous vacation and personal days.
• Virtual events and professional development.
• Opportunity to innovate in banking technology.

The role is hybrid, based at 2200-25 Ontario Street, Toronto, ON.

We are committed to inclusion and accessibility. Please inform us of any accommodations needed during the recruitment process. Candidates will undergo background and credit checks. We look forward to learning about you!