Senior Security Consultant

Description:

As a Senior Consultant, Cryptographic Service Management, you will join CIBC's Information Security department to play a critical role in shaping and evolving the enterprise-wide cryptographic strategy. This position focuses on ensuring the security and resilience of CIBC’s cryptographic services, including Hardware Security Modules (HSMs), key management, x.509 certificates, Public Key Infrastructure (PKI), cryptographic standards, and preparing for the Post-Quantum Cryptography (PQC) era. Your work will directly contribute to protecting Our Bank, Our Clients, and Our Employees by embedding security into the lifecycle of applications and data across the enterprise. You will act as a liaison between technology and business teams, serving as a subject matter expert (SME) for all things cryptography. You will also provide strategic insights, report on service performance using Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), and ensure the department’s cryptographic services align with enterprise goals and industry best practices.

At CIBC we enable the work environment most optimal for you to thrive in your role. You’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote.

How You’ll Succeed

Cryptographic Expertise: Manage and oversee the development and maintenance of strategic roadmaps for the domain of Data Security, leveraging deep knowledge of cryptographic technologies, including HSMs, key management, x.509 certificates, PKI, and cryptographic standards. Collaborate with various stakeholders to gather requirements, develop business cases, and lead subsequent projects (including POCs) to support the strategy. Maintain a continuous improvement mindset, evaluating and implementing new cryptographic technologies such as Post-Quantum Cryptography to address emerging threats and enhance the security of the domain. Provide guidance on the secure design, implementation, and operation of cryptographic services across the enterprise. Direct the review, development, testing, and implementation of cryptographic security plans, products, and control techniques
Communication and Leadership: Build and present documentation to executive management and leadership teams, effectively conveying complex cryptographic concepts, strategies, and the benefits of proposed security programs. Provide awareness and training to application development teams on cryptographic services, data protection, and industry best practices. Assess business needs against potential risks and communicate recommendations to enhance the organization’s information security landscape. Demonstrate exceptional collaboration and stakeholder management skills to drive alignment across diverse teams.
Advisory and Relationship Management: Act as a trusted advisor within the broader team, influencing application development, operational, and infrastructure teams to integrate cryptographic security controls into their design, and product delivery. Stay abreast of the latest threat landscape, proactively assessing emerging threats and their impact on organizational security posture. Maintain relationships with peers from other banks and manage vendor relationships for security services and tools within the Cryptographic Services domain.
Analytical and Security Knowledge: Define and report on KPIs and KRIs to measure cryptographic service performance and risk. Apply strong problem-solving skills to analyze complex security challenges and propose effective solutions. Demonstrate a thorough understanding of enterprise security frameworks, data protection, risk management principles, and regulatory requirements and industry standards related to cryptographic security. Act as a security ambassador, advocating for cryptographic best practices and influencing infrastructure and application design activities.

Who You Are

You can demonstrate senior-level experience in cryptographic security concepts. You have implemented cryptographic solutions and methodologies to ensure the secure design of applications and the protection of sensitive data. You have been a key contributor to, or have led, cryptographic security initiatives such as encryption of data (at rest, in transit, and in use), as well as key management and cryptographic controls. You possess a strong understanding of data governance, data privacy, and regulatory requirements related to cryptography. You bring a passion for cryptographic security, vulnerability management, and adherence to industry cryptographic standards and best practices. You can identify needs and contribute to governance initiatives by bringing expertise gained in the Cryptography field around practical security governance, in the development of CIBC policies, standards, procedures, and guidelines
You can demonstrate technical expertise in support of all activities, processes, procedures and tools related to cryptographic services. You have experience with key and certificate management systems, protocols, processes as well as cryptographic hardware such as Hardware Security Modules (HSMs).
You’re a certified professional. You have current accreditation and good standing CISSP, CISA, or CISM designation.
You have a degree/diploma in Computer Science, Engineering, or a related field.
Your influence makes a difference. You know that relationships and networks are essential to success. You inspire outcomes by sharing your expertise. 
You know that details matter. You notice things that others don't. Your critical thinking skills help to inform your decision making. 
Values matter to you. You bring your real self to work, and you live our values - trust, teamwork, and accountability.
Due to the nature of this role, a criminal record check will need to be completed at least annually for the purpose of enhanced screening.**