Job Details


Director, Governance & Controls - Information Technology & Information Security

Washington DC, United States of America
Full Time
Posted by Canadian Imperial Bank of Commerce
Overview

We're building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what's right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit CIBC.com.

What you'll be doing

CIBC's Technology Infrastructure and Innovation (TI&I) spans Technology, Information Security, Deposit Operations, Loan Operations, Payment Operations, Data Management Office, Corporate Real Estate, Corporate Security, Procurement, Operational Resilience, and Risk & Governance. TI&I drives operational excellence by managing the technology and operations required to run the bank, enabling transformation through innovation, and supporting growth objectives with flawless execution of strategic initiatives.

The Governance and Oversight team within TI&I operates as a First Line team in the Three Lines of Defense model, enabling risk discipline, business resiliency, and value creation while strengthening the CIBC Risk Management Framework.

As Director, Governance & Controls, you will be a key leader within the US TI&I organization, reporting to the Head of Governance & Oversight. You will be responsible for designing, implementing, and continuously enhancing governance, risk, and control frameworks for our US Technology and Information Security (IT/IS) functions. This role is integral to maintaining a robust risk culture, ensuring regulatory compliance, and driving operational resilience in a complex, fast-paced environment.

Details on your work arrangement (proportion of on-site and remote work) will be discussed at the time of your interview.

Responsibilities
  • Strategic Leadership & Advisory: Serve as a trusted advisor to stakeholders, providing proactive guidance on risk management, control design, and compliance with organizational policies, regulatory requirements, and industry standards. Lead the development and execution of GRC strategies aligned with CIBC's risk appetite and US regulatory expectations (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO). Act as a thought leader, driving control maturity and operational risk alignment across the organization.
  • Governance, Risk & Controls: Oversee the identification, assessment, escalation, and mitigation of IT/IS risks, ensuring alignment with enterprise risk frameworks. Oversee the implementation of effective controls and ensure their integration into business processes and technology systems. Conduct regular reviews of controls to assess the impact of changes in processes, new projects, and emerging risks. Maintain oversight of the global control environment impacting IS/IT, ensuring alignment with broader risk objectives and US regulatory requirements. Design and implement continuous control monitoring and assurance programs, leveraging data analytics and automation. Conduct risk assessments and ensure integration of controls into business and technology processes. Perform validation and quality assurance reviews of issues, ensuring proper risk management practices and closure in line with 2nd Line of Defense guidance. Monitor and report on key risk and control metrics to senior leadership with actionable insights.
  • Regulatory Compliance & Engagement: Maintain deep knowledge of US and global regulatory requirements, ensuring frameworks and practices remain current and compliant. Support regulatory exams, internal audits, and industry assessments, ensuring timely resolution of findings and corrective actions.
  • Continuous Improvement & Innovation: Drive continuous improvement initiatives, leveraging emerging technologies and industry trends to strengthen the control environment. Foster a culture of innovation, risk awareness, and accountability across the team and broader organization.
  • Stakeholder Engagement & Relationship Management: Build and maintain strong relationships with internal and external stakeholders, including auditors, regulators, and industry associations. Collaborate across the three lines of defense to maintain a robust control framework and foster a culture of sustainable continuous improvement and innovation; ensure clear roles, responsibilities, and effective partnership. Prepare and present risk and control reports to executive management, regulators, and external stakeholders.
  • Team Leadership: Lead, mentor, and develop a high-performing, diverse team, fostering an inclusive culture of risk awareness and driving collective success.
How you'll succeed
  • Governance, Risk & Controls (GRC): Proactively identify, assess, and manage risks, ensuring controls are designed and implemented to mitigate those risks effectively. Maintain a forward-looking view of the control environment, staying informed on regulatory changes, emerging risks, and industry best practices.
  • Advisory & Thought Leadership: Provide expert guidance to IS/IT teams on risk management, control design, and compliance. Apply advanced concepts to drive control maturity and alignment with operational risk standards.
  • Continuous improvement: Inspire a culture of continuous improvement by leveraging leadership behaviors, innovative methods, and enabling technologies. Drive initiatives that enhance the efficiency, effectiveness, and sustainability of the control environment.
  • Communication: Exhibit strong verbal and written communication skills. Deliver insights and recommendations to diverse audiences, including senior leadership, regulators, and external stakeholders. Translate complex data into actionable insights.
  • Business Acumen: Demonstrate understanding of control frameworks, regulations, management control environments, audit, policies and standards, business processes, and industry guidance.
  • Relationship Building: Build trust and credibility with stakeholders through expertise and collaboration. Foster an inclusive environment that drives collective success.
  • Collaboration & Partnership: Establish and maintain an operating model with IS/IT, 2LOD, 3LOD, and Enterprise partners to support strong collaboration with clearly defined roles and responsibilities.
Who you are
  • You are an experienced risk leader with at least 10 years in technology risk management, cybersecurity, or controls within a large financial institution. GSIB experience preferred. Proven track record of developing and leading GRC strategies.
  • You are a regulatory and industry expert with deep knowledge of US and global requirements and standards (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO). Experience managing regulatory exams and audits; relevant certifications (CISA, CRISC, CISSP, CISM).
  • You are a strategic and analytical thinker who sees the big picture and develops long-term plans aligned with goals. Excels at analyzing complex situations to drive decisions.
  • You are a problem solver and innovator who approaches challenges with creativity and resourcefulness, delivering practical, innovative solutions.
  • You are data-driven and a strong communicator who interprets complex data and communicates insights to diverse audiences.
  • You are a champion of change who evolves thinking and working methods to deliver results.
  • You are a caring and accountable leader who develops others and drives inclusive, collaborative success.
  • You are a collaborative relationship builder who thrives in a team, building constructive relationships and fostering trust.
  • You are detail-oriented and use critical thinking to inform risk and control processes.
  • Values matter to you. You bring your real self to work and live our values of trust, teamwork, and accountability.

California residents - your privacy rights regarding your actual or prospective employment

At CIBC, we offer a competitive total rewards package. This role has an expected salary range of $165,000 - $200,000. The successful candidate may participate in the relevant incentive plan, including discretionary bonus. We offer benefits including Medical, Dental, Vision, HSA, Life Insurance, Disability, Paid Time Off, Holidays, and 401(k).

*This job is not eligible for employment sponsorship*

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities. We aspire to give you a career, not just a paycheck.

  • Competitive salary and incentive pay, banking benefits, benefits program, vacation, wellbeing support, and MomentMakers recognition.

  • Innovative spaces and toolkit to collaborate and create solutions for clients.

  • Purpose Day - a paid day off for growth and development.

*Subject to plan terms

What you need to know
  • We are committed to inclusion and accessibility. If you need accommodation, contact (see below)

  • You must be legally eligible to work at the location and may need a work or study permit.

  • We may ask you to complete assessments and tests as part of the process to learn about you and the company.

Job Location IL-Illinois - Virtual

Employment Type Regular

Weekly Hours 40

Skills Accountability, Collaboration, Communication, Continuous Improvement, Decision Making, Fostering Collaboration, Informed Decision Making, Leadership, Operational Excellence, People Management, Regulatory Compliance, Risk Management

IT
JS26489_25304_F0CC2726DE4B1411ED2A81591F406D7B
1/23/2026 12:18:43 PM