Third Party Security Risk Manager

Join a Challenger

Being a traditional bank just isn’t our thing. We are big believers in innovating the banking experience because we believe Canadians deserve better options, and we challenge ourselves and our teams to creatively transform what’s possible in banking.

Our team is made up of inquisitive and agile minds that find smarter ways of doing things. If you’re not afraid of taking on big challenges and redefining the future, you belong with us. You’ll get to work with people who will encourage you to reach new heights. We like to keep things fun, ask questions and learn together.

We are a big (and growing!) family. Overall we serve more than 670,000 people across Canada through Equitable Bank, Canada's Challenger Bank, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $125 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our customers have named our EQ Bank digital platform one of the top banks in Canada on the Forbes World's Best Banks list since 2021.

The Third-Party Security Risk Manager will work closely with technology and business teams to mitigate security risks from partners, vendors, and third parties, while enabling the bank to grow securely and efficiently.

1. Perform third-party security risk assessments.
2. Monitor and report on third-party security risk action plans, engaging with stakeholders.
3. Maintain the third-party security risk management framework aligning with risk management and privacy requirements.
4. Provide security input to third-party contracts, ensuring compliance with cybersecurity regulations and policies.
5. Identify supplier-related cyber risk scenarios and evaluate risk ratings based on security programs and architecture.
6. Monitor third-party compliance programs, ensuring continuous compliance and evidence management.

• A college diploma or university degree; higher accreditation preferred.
• At least five years of information security and risk experience.
• At least three years of third-party risk management experience.
• Understanding of cloud shared responsibility models and risk mitigation techniques.
• Experience with security frameworks like PCI DSS, NIST, ISO 27K, etc.
• Knowledge of Canadian financial regulations relevant to third-party security and privacy.
• Preferred certifications include CCSP, CISSP, CISM, etc.
• Experience in banking or financial services is an asset.

The incumbent will work under the Senior Manager, Information Security Risk Management, leading and guiding the department, developing security policies, managing security risks, ensuring compliance, performing penetration testing, and liaising with audit and compliance teams.

• Competitive bonus and RRSP match.
• Comprehensive benefits including health, dental, vision, life, and disability insurance.
• Employee Share Purchase Plan.
• Maternity/Parental leave top-up.
• Generous vacation and personal days.
• Virtual events and professional development allowances.
• Hybrid work model based at 2200-25 Ontario Street, Toronto.