Third Party Security Risk Manager

Job Description

Being a traditional bank just isn’t our thing. We are big believers in innovating the banking experience because we believe Canadians deserve better options, and we challenge ourselves and our teams to creatively transform what’s possible in banking. Our team is made up of inquisitive and agile minds that find smarter ways of doing things. If you’re not afraid of taking on big challenges and redefining the future, you belong with us. You’ll get to work with people who will encourage you to reach new heights. We like to keep things fun, ask questions and learn together.

We are a big (and growing!) family. Overall we serve more than 670,000 people across Canada through Equitable Bank, Canada's Challenger Bank, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $125 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our customers have named our EQ Bank digital platform (eqbank.ca) one of the top banks in Canada on the Forbes World's Best Banks list since 2021.

The Third-Party Security Risk Manager will work closely with the technology teams and line of business teams to mitigate the risk of security attacks emanating from partners, vendors, and other related third parties while enabling the business to grow the bank and serve our customers efficiently and securely.

1. Perform Third-Party security risk assessments
2. Monitor and report on third-party security risk action plans, engaging with third-party contacts as well as business stakeholders
3. Maintain third-party security risk management framework ensuring alignment with Risk management framework (2nd Line of defense) and Privacy requirements
4. Provide security input to third-party contracts by ensuring alignment with cyber security regulatory requirements and Company cyber security policies
5. Identify supplier related cyber risk threat scenarios and evaluate risk rating based on a thorough review of the third party’s security program and technical architecture
6. Monitor third-party compliance program, ensuring continuous compliance and evidence collection, validation, and recording

• A college diploma or university degree is required. Higher accreditation (e.g., Bachelor of Computer Science) is preferred.
• At least five (5) years of information security and information risk experience
• At least three (3) years of third-party risk management experience, including conducting third-party risk assessments
• Understanding of Cloud Shared responsibility models and risk mitigation approaches/techniques
• Experience in organization-wide/entity security risk assessments or audits
• Knowledge of security compliance frameworks such as PCI DSS, BSIMM, Cloud Security Alliance, NIST, ISO 27K series
• Understanding of Canadian Financial industry regulations relevant to third-party security and privacy expectations (e.g., OSFI, OPC)
• Certifications such as CCSP, CCSK, CISM, CISSP, CISA, or CRISC are preferred
• Experience in banking or financial services is an asset

• Work under the direct management of the Senior Manager, Information Security Risk Management, providing guidance to others in the department.
• Lead the formulation, development, and drafting of security policies, procedures, and relevant documents, ensuring stakeholder buy-in.
• Manage security risk throughout its lifecycle, from identification to remediation tracking.
• Ensure completeness and accuracy of compliance reports submitted by IT functions.
• Perform penetration testing as per plan, compile reports, and coordinate remediation efforts.
• Administer and improve GRC solutions, resolve stakeholder queries.
• Collaborate with internal and external audit and compliance teams.
• Ensure security controls are properly implemented and embedded within IT systems to mitigate cyber threats.

• Competitive bonus, RRSP match, comprehensive benefits, employee share purchase plan, and more.
• Support for professional development and career growth.
• A hybrid working model based at 2200-25 Ontario Street, Toronto, ON.

Equitable Bank values diversity and is committed to an inclusive work environment. We support accommodations for applicants and require successful background checks. We look forward to your application!