Director, Governance & Controls – Information Technology & Information Security

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

What you'll be doing 

CIBC’s Technology Infrastructure and Innovation (TI&I) business spans Technology, Information Security, Deposit Operations, Loan Operations, Payment Operations, Data Management Office, Corporate Real Estate, Corporate Security, Procurement, Operational Resilience, and Risk & Governance. TI&I drives operational excellence by managing the technology and operations required to run the bank, enabling transformation through innovation, and supporting growth objectives with flawless execution of strategic initiatives.  

The Governance and Oversight team within TI&I operates as a First Line team in the Three Lines of Defense model, enabling risk discipline, business resiliency, and value creation while strengthening the CIBC Risk Management Framework. 

 As Director, Governance & Controls, you will be a key leader within the US TI&I organization, reporting to the Head of Governance & Oversight. You will be responsible for designing, implementing, and continuously enhancing governance, risk, and control frameworks for our US Technology and Information Security (IT/IS) functions. This role is integral to maintaining a robust risk culture, ensuring regulatory compliance, and driving operational resilience in a complex, fast-paced environment.  

At CIBC we enable the work environment most optimal for you to thrive in your role.  Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview

• Strategic Leadership & Advisory : Serve as a trusted advisor to stakeholders, providing proactive guidance on risk management, control design, and compliance with organizational policies, regulatory requirements, and industry standards.  Lead the development and execution of GRC strategies aligned with CIBC’s risk appetite and US regulatory expectations (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO). Act as a thought leader, driving control maturity and operational risk alignment across the organization. 

• Governance, Risk & Controls  : Oversee the identification, assessment, escalation, and mitigation of IT/IS risks, ensuring alignment with enterprise risk frameworks. Oversee the implementation of effective controls, ensuring they are integrated into business processes and technology systems. Conduct regular reviews of controls to assess the impact of changes in business processes, new projects, and emerging risks. Maintain oversight of the global control environment impacting IS/IT, ensuring alignment with CIBC’s broader risk management objectives and US regulatory requirements. Design and implement continuous control monitoring and assurance programs, leveraging data analytics and automation to enhance oversight.  Conduct comprehensive risk assessments and ensure integration of effective controls into business and technology processes. Perform validation and quality assurance reviews of issues, ensuring proper risk management practices and closure in accordance with 2nd Line of Defense (LOD) guidance. Monitor and report on key risk and control metrics to senior leadership, providing actionable insights and recommendations. 

• Regulatory Compliance & Engagement : Maintain deep knowledge of US and global regulatory requirements, ensuring frameworks and practices remain current and compliant.  Support regulatory exams, internal audits, and industry assessments, ensuring timely resolution of findings and implementation of corrective actions. 

• Continuous Improvement & Innovation : Drive continuous improvement initiatives, leveraging emerging technologies and industry trends to strengthen the control environment. Foster a culture of innovation, risk awareness, and accountability across the team and broader organization. 

• Stakeholder Engagement & Relationship Management : Build and maintain strong relationships with internal and external stakeholders, including auditors, regulators, and industry associations. Collaborate across the three lines of defense to maintain a robust control framework and foster a culture of sustainable continuous improvement and innovation; ensuring clear roles, responsibilities, and effective partnership. Prepare and present risk and control reports to executive management, regulators, and external stakeholders. 

• Team Leadership :Lead, mentor, and develop a high-performing, diverse team, fostering an inclusive culture of risk awareness and driving collective success. 

How you’ll succeed 

• Governance, Risk & Controls (GRC): Proactively identify, assess, and manage risks, ensuring controls are designed and implemented to mitigate those risks effectively. Maintain a forward-looking view of the control environment, staying informed on regulatory changes, emerging risks, and industry best practices. 

• Advisory & Thought Leadership: Provide expert guidance to IS / IT teams on risk management, control design, and compliance. Act as a thought leader, applying advanced concepts to drive control maturity and alignment with operational risk standards. 

• Continuous improvement – Inspire a culture of continuous improvement by leveraging leadership behaviors, innovative methods, and enabling technologies. Drive initiatives that enhance the efficiency, effectiveness, and sustainability of the control environment. 

• Communication – Exhibit strong verbal and written communication skills. Deliver insights and recommendations in a manner that resonates with diverse audiences, including senior leadership, regulators, and external stakeholders. Translate complex data and findings into actionable insights that drive decision-making. 

• Business Acumen – Demonstrate a strong understanding of control frameworks, regulations, management control environments, audit, corporate policies and standards, business processes, and new industry-level guidance. 

• Relationship Building – Build trust and credibility with stakeholders by demonstrating expertise, authenticity, and a collaborative approach. Foster an inclusive and collaborative environment that drives collective success. 

• Collaboration & Partnership – Establish and maintain a strong operating/engagement model with the IS/IT organization, 2LOD, 3LOD, and Enterprise partners as the foundation to a strong collaborative partnership with clearly defined roles and responsibilities. 

Who you are 

• You are an experienced risk leader with a minimum of 10 years of progressive experience in technology risk management, cybersecurity, or controls implementation within a large, complex financial institution (GSIB experience preferred). You have a proven track record of developing, leading, and executing GRC strategies in a technology-driven environment. 

• You are a regulatory and industry expert with deep knowledge of US and global regulatory requirements and industry standards (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO). You have experience managing regulatory exams, audits, and industry assessments, and hold relevant certifications such as CISA, CRISC, CISSP, or CISM. 

• You are a strategic and analytical thinker who sees the big picture, anticipates future trends, and develops long-term plans that align with organizational goals. You excel at analyzing complex situations, identifying opportunities and risks, and making informed decisions that drive sustainable success. 

• You are a problem solver and innovator who approaches challenges with creativity and resourcefulness. You develop original solutions that address issues effectively and drive continuous improvement, thriving in dynamic environments and leveraging new ideas to deliver impactful results. 

• You are data-driven and a strong communicator who interprets and analyzes complex data, communicating detailed information in a meaningful way. You leverage data analysis and visualization to provide insights and recommendations to diverse audiences. 

• You are a champion of change who continuously evolves your thinking and working methods to deliver optimal results. You are flexible and able to pivot easily in response to shifting priorities. 

• You are a caring and accountable leader who is passionate about developing and coaching others to bring out their best. You have experience leading diverse, high-performing teams and driving collective success through collaboration and inclusion. 

• You are a collaborative relationship builder who thrives in a team environment, leveraging the power of collaboration to achieve shared goals. You excel at building constructive and collaborative relationships, inspiring outcomes, and fostering trust through respect and authenticity. 

• You are detail-oriented and notice things that others don't, using critical thinking skills to inform decision-making and ensure the integrity of risk and control processes. 

• Values matter to you. You bring your real self to work, and you live our values - trust, teamwork, and accountability 

California residents — your privacy rights regarding your actual or prospective employment

At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $165,000- $200,000 for the market based on experience, qualifications, and location of the position (salary range varies based on the location which will be discussed at the time of the interview). The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which may also include a discretionary bonus component. CIBC offers a full range of benefits and programs to meet our employee’s needs; including Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans, Paid Time Off (including Sick Leave, Parental Leave and Vacation), Holidays and 401(k), in addition to other special perks reserved for our team members. #LI-TA

*This job is not eligible for employment sponsorship*

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact [email protected]

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

• We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

IL-Illinois - Virtual

Employment Type

Regular

Weekly Hours

40

Skills

Accountability, Collaboration, Communication, Continuous Improvement, Decision Making, Fostering Collaboration, Informed Decision Making, Leadership, Operational Excellence, People Management, Regulatory Compliance, Risk Management