Director Cyber and Technology Risk - Cloud, Architecture, Emerging Technologies

Job Description

What is the opportunity?

As part of the Group Risk Management (GRM) Enterprise Resilience Risk team, the Director, Cyber & Technology Risk will be responsible for providing Cyber and IT Risk Management subject matter expertise in the form of oversight and challenge to the first line of defense operating teams in the areas of AI, technology architecture, cloud, and emerging technologies globally.

This includes:

• Providing an opinion on RBC's Technology risk posture.
• Developing Key Risk Indicators (KRIs) to measure and monitor Cyber & Technology Risk.
• Contributing to the development of enterprise policies and standards governing emerging technology risk.

As Second Line of Defense, the incumbent will lead a team working closely with the cyber and technology teams to provide an independent opinion on Cloud, AI, and Emerging Technology Risks, leveraging both quantitative (risk indicators) and qualitative methods. Additionally, the IT / Cyber role includes:

• Keeping abreast of new and emerging technologies, AI, and generative AI to strengthen the control environment.
• Oversight of cloud, technology architecture, AI and emerging technologies
• Oversight of blockchain, digital assets, wallet infrastructure, and blockchain-connected systems.
• Supporting Cyber and Technology Risk Management leadership in delivering oversight and challenge processes, developing and utilizing effective risk appetite metrics, and performing thematic reviews to identify potential risk areas and remediation recommendations.

What will you do?

• Champion managing risk rather than risk avoidance by seeking solutions.
• Maintain knowledge of emerging technologies, threats/vulnerabilities, and risk management practices and their implications to the business platform.
• Leverage data-driven insights to provide opinions and challenge on key risk indicators.
• Support the completion of thematic reviews, scenario analysis, external event analysis, new change initiative assessments, and development of risk profiles for senior management, board, and regulators.
• Work closely with the first line to provide effective cyber and technology oversight and challenge on Risk and Control Self-Assessments, Operational Risk Event Reviews, IT Risk Assessments, and Integrated Risk Profiles to validate the business is operating within Risk Appetite.
• Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the IT/Cyber Risk profile.
• Provide oversight and effective challenge on AI and generative AI IT/Cyber risks within the 2nd line of defense, including in-depth risk reviews of solutions and approaches being deployed.
• Oversee blockchain-related projects, ensuring alignment with regulatory and internal risk requirements.
• Monitor emerging blockchain threats and vulnerabilities, providing actionable insights to stakeholders.
• Develop and maintain key internal and external relationships to provide advice and oversight on standard compliance, support operational risk program adherence, and effective incident reporting.
• Support IT/Cyber-related regulatory examinations, requests, assessments, and reporting.
• Recommend changes to IT/Cyber policies and standards to maintain currency and relevance to Cloud, AI, emerging technologies, and blockchain-enabled platforms.
• Proactively manage complex and sometimes competing relationships with key local, regional, and global stakeholders.

What do you need to succeed?

Must-have

• 7-10 years of experience in cyber and technology security.
• 7-10 years of work experience in a mid-large size organization.
• 3-5 years as a Cloud Security professional.
• 3-5 years of hands-on application development experience.
• Strong knowledge of Cloud platforms and offerings, Cloud Risks, and Cloud application deployments.
• Expertise in Cloud and Blockchain Integration, including API security, data privacy, and hybrid cloud environments.
• Strong understanding of AI, generative AI, and machine learning concepts, including ML/AI model development and risk management best practices.
• Strong knowledge of IT security frameworks, regulations, and industry best practices.
• Proficiency in enterprise technology/security architecture.
• Expertise in blockchain architecture, governance models (e.g., DAOs), and cryptographic principles.
• Knowledge of digital asset custody, tokenized assets, and associated risks.
• Experience in managing a team.
• Education: Bachelor's Information Security / Information Technology / Computer Science or relevant experience.

Nice-to-have

• Experience within Operational Risk.
• Experience in developing metrics (KRIs or KPIs).
• Experience working with cross-functional teams in agile environments.
• Familiarity with global and local regulations related to digital assets (e.g., AML, KYC, sanctions compliance).
• Knowledge of blockchain-specific attack vectors (e.g., 51% attacks, Sybil attacks, oracle manipulation).
• Certifications: CISSP, CRISC, CCSP, CCSK, AWS Security, Azure Security, CISM, CRISC, Certified Blockchain Security Professional (CBSP), Certified Blockchain Expert (CBE).

What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation
• Leaders who support your development through coaching and managing opportunities
• Work in a dynamic, collaborative, progressive, and high-performing team
• Opportunities to do challenging work
• Flexible work/life balance options

Job Skills

Artificial Intelligence (AI), Artificial Intelligence (AI) Governance, Blockchain Architecture, Blockchain Technology, Cloud Security, Cloud Solutions, Critical Thinking, Cyber Risks, Cybersecurity Controls, Cyber Security Management, Cybersecurity Risk Management, Decision Making, Detail-Oriented, Emerging Technologies, Information Security Management, Information Technology (IT) Risk, Information Technology (IT) Risk Management, Information Technology Security, Interpersonal Relationship Management, IT Security Architecture, Operational Risks, Performance Management (PM), Quantum Computing, Technology Risk

Additional Job Details

Address:

20 KING ST W:TORONTO

City:

Toronto

Country:

Canada

Work hours/week:

37.5

Employment Type:

Full time

Platform:

GROUP RISK MANAGEMENT

Job Type:

Regular

Pay Type:

Salaried

Posted Date:

2026-05-29

Application Deadline:

2026-06-15

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Our Employment Opportunities

At RBC, we are guided by living shared values of Client First, Integrity, Collaboration, Respect and Excellence and winning together as One RBC. We believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.

Join our Talent Community
Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.
Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.

RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail.