JobWings Logo
RBC logo

Senior Director, Vendor IT Risk Management (Global Security)

RBCabout 24 hours ago
Toronto, Ontario, Canada
Senior Level
Full-Time

Top Benefits

Bonuses
Flexible Benefits
Competitive Compensation

About the role

Job Description What is the opportunity? The Senior Director, Vendor IT Risk Management (Global Security) is a strategic leadership position responsible for driving the management and evolution of core third party IT risk practices at RBC. This role sits within the Global Cyber Security (GCS) Global IT Risk team and focuses on identifying, assessing, and advising on risks resulting from RBC’s third-party supply chain management engagements, considering safety, soundness, resiliency, risk, and compliance to RBC practices, policies, and guidelines. As Senior Director, you will lead a team of direct reports and indirect reports and manage the enterprise-wide third-party supply chain management assessment program that covers all technology-related supplier engagements across RBC. You will serve as a subject matter expert in third party supply chain management risk and partner with other RBC risk teams, senior leadership, and staff to drive change and effectively manage risks in an open, collaborative environment to further mature the business risk culture. The is responsible for transforming third party IT Risk practices to be more proactive, leveraging new technologies including Artificial Intelligence to enhance third party IT risk due diligence capabilities and increase coverage of suppliers while gaining insights to ensure risks are effectively identified. What will you do? Core Third Party Supply Chain Management & IT Risk Management- Contract Reviews: Participate in contract reviews to ensure appropriate IT risk-related clauses exist that support the organization’s right to review/audit the security practices of its third parties SOC Reviews: Participate in SOC (Qualified Opinion) reviews as required and provide appropriate guidance to risk owners on control effectiveness and risk implications M&A IT Risk Assessments: Complete comprehensive IT risk assessments for mergers and acquisitions, evaluating technology risks, integration challenges, and control environments Define and advance third-party risk management maturity across the enterprise, establishing centralized standards while adapting to emerging risks and evolving organizational capabilities Third Party Reporting and Analytics: Assist with the creation of third-party presentations, KRIs, KPIs and associated materials, and risk summaries for senior management and Board committees Third Party Control Assessments & Continuous Monitoring- Lead the enterprise-wide third-party control assessment program for all technology-related supplier engagements across RBC Establish and maintain standardized assessment frameworks covering cybersecurity, data protection, operational resilience, and technology governance domains Advisory Services to Supplier Management Offices (SMOs)- Provide strategic third-party supply chain management advisory support to internal Supplier Management Offices across all business units and functions Develop risk guidance, best practices, and decision-making frameworks that enable SMOs to make informed supplier selection and management decisions Partner with SMOs on contract negotiations to ensure appropriate risk management clauses and control requirements are incorporated Process Development & Tools Enhancement- Leverage Artificial Intelligence and advanced analytics to increase supplier coverage, automate risk scoring, and generate predictive insights Design and deploy data-driven risk identification capabilities that enable proactive risk management and early warning systems Manage complex stakeholder relationships across business units, including Procurement, GCS Teams, GRM Cyber and Technology Risk, Compliance, Legal, Privacy, BCM, Third Party Risk, SMO, and Lines of Business Provide support, expertise, feedback, coaching, and development to build the capability of more junior staff, and promote a mindset for sustained success, growth, and diversity within the team What do you need to succeed? Must have: 10+ years of experience in cyber security/third party IT risk with demonstrated progression to senior management roles, highly skilled at managing vendor/supplier relationships and service delivery partnerships Highly skilled at navigating complex risk trade-offs—including vendor criticality assessment, data availability challenges, model risk, and control adequacy determinations—while balancing risk protection with business enablement 10+ years of cyber security, data protection, operational resilience, and technology governance 10+ years executing transformation initiatives that evolve third-party supply chain management practices from reactive to proactive models. With experience implementing AI and advanced analytics in risk management, to enable teams through technological and process innovation while sustaining operational excellence SOC Reviews & Risk Assessments: 10+ years of experience conducting SOC reviews and comprehensive IT risk assessments for mergers and acquisitions, with demonstrated ability to evaluate technology risks, integration challenges, and control environments while providing strategic guidance to risk owners on control effectiveness and risk implications Third-Party Risk Reporting & Executive Communication: 10+ years of experience developing third-party risk presentations, KRIs, KPIs, and risk summaries for senior management and Board committees, with proven ability to translate complex risk data into actionable intelligence for executive stakeholders Deep experience with Cyber Security Frameworks - NIST, ISO 27001, with comprehensive knowledge of third-party risk assessment methodologies, control frameworks, and industry standards Exceptional ability to influence and collaborate with senior leaders, business partners, and external stakeholders Nice to have: ISACA approved certifications together with other cyber security bodies or technical qualifications (CISSP preferred) Experience with AI implementation in risk management domains Advanced education in business, risk management, technology, or related field What’s in it for you? We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual. A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable Leaders who support your development through coaching and managing opportunities Ability to make a difference and lasting impact Work in a dynamic, collaborative, progressive, and high-performing team Opportunities to do challenging work Opportunities to take on progressively greater accountabilities Access to a variety of job opportunities across business #LI-POST #TechPJ Job Skills Business Analytics, Decision Making, Financial Risk Management (FRM), Operational Delivery, Quality Management, Results-Oriented, Risk Management, Strategic Thinking Additional Job Details Address: 16 YORK ST:TORONTO City: Toronto Country: Canada Work hours/week: 37.5 Employment Type: Full time Platform: TECHNOLOGY AND OPERATIONS Job Type: Regular Pay Type: Salaried Posted Date: 2026-07-13 Application Deadline: 2026-08-04 Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above Our Employment Opportunities At RBC, we are guided by living shared values of Client First, Integrity, Collaboration, Respect and Excellence and winning together as One RBC. We believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all. Join our Talent Community Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you. Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com. RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail. Royal Bank of Canada is a global financial institution with a purpose-driven, principles-led approach to delivering leading performance. Our success comes from the 84,000+ employees who bring our vision, values and strategy to life so we can help our clients thrive and communities prosper. As Canada’s biggest bank, and one of the largest in the world based on market capitalization, we have a diversified business model with a focus on innovation and providing exceptional experiences to more than 16 million clients in Canada, the U.S. and 34 other countries. Learn more at rbc.com.‎ We are proud to support a broad range of community initiatives through donations, community investments and employee volunteer activities. See how at rbc.com/community-social-impact.

About RBC

Banking

Similar Jobs