Senior Technology Controls Analyst

Job Description

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute. To learn more about CIBC, please visit CIBC.com Summary: The Senior Technology Controls Analyst is a critical member of the US Technology Regulatory & Controls first line of defense team, responsible for maintaining a comprehensive inventory and evaluation of VPM services, ensuring standards compliance, supporting control documentation, and facilitating effective reporting and governance. This role collaborates across Technology Operations, Affiliate Management, second and third lines of defense, and governance forums to uphold regulatory requirements and drive continuous improvement in patch management processes. What You'll Be Doing: Develop and maintain a comprehensive inventory of Vendor Patch Management (VPM) services utilized by the US, ensuring all services and associated service level agreements (SLAs) are accurately documented within Intercompany Agreements (ICAs). Assess and enhance the current VPM SLA inventory in collaboration with Technology Operations, ensuring SLAs reflect agreed-upon quality and performance thresholds and support service delivery standards. Create and update SLAs and ICAs as needed, partnering with Affiliate Management to ensure accuracy and completeness. Ensure agreed metrics and thresholds are reported accurately in monthly ICA Executive Governance meetings; assist in the development, ingestion, and reporting of metrics within MIRDS (Metrics, Indicators, Risk Data Store). Develop, update, and document control procedures, supporting control testing and reporting on control effectiveness, and ensure controls are accurately included in process documentation. Act as key audit liaison on behalf of the US Technology Regulatory and Controls team Monitor and report on breaches, ensure timely communication of incidents, and review all artifacts prior to submission for quality, completeness, and regulatory compliance. Help identify and support remediations as needed, US Technology status updates, and program development sessions. Prepare and deliver reports for deficiency meetings and other governance forums. Uphold standards, provide feedback, and support ongoing uplift and improvement initiatives. Qualifications / Skills: Experience in vulnerability management, regulatory controls, or technology operations. Strong understanding of SLAs, ICAs, and governance processes. Excellent communication, documentation, and organizational skills. Ability to work collaboratively across teams and manage multiple priorities. What CIBC Offers At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportun

Required Skills