Cybersecurity Risk Advisor
Industry: Financial Services
Location: Toronto. Hybrid: 1 day in office per week
Duration of Contract/Perm: 6-month rolling contract
Hours/week: 37.5
Start date: January 2026
Job Overview
As the Cyber Security Risk Advisor, you’ll work in a growing area of the bank that manages operational risk, regulatory supervision, standardized testing, security monitoring, and incident management for the Cybersecurity function. As part of the Business Controls CGC team, you’ll lead the management of material, systemic, and emerging risks related to cybersecurity (e.g., identity and access management, data protection, threat monitoring, vulnerability management, and incident response). You’ll develop and implement integrated control improvement solutions across all cybersecurity processes and platforms. You’ll manage key controls to mitigate operational and security exposures and potential losses, and support the Control Framework to ensure compliance with regulatory, legislative, and operational requirements, including efficient remediation of deficiencies. You’ll act as the key relationship manager for the cybersecurity business.
Responsibilities
· Relationship Building/Management – Manage key relationships and collaborate with cybersecurity leaders, technology partners, and 2nd and 3rd Lines of Defence (LOD) on all matters relating to operational and security risk. Represent Business CGC on key cybersecurity initiatives.
· Communication – Effectively communicate about all pillars (e.g., Control Framework and Operational Risk) supported by Business CGC with internal and external partners across all organizational levels.
· Risk Assessment/Remediation – Work closely with cybersecurity teams to proactively identify risk exposures and control gaps. Analyze security incidents, root causes, and materiality, and propose recommendations to mitigate risks. Lead Incident Reporting investigations and Change Initiative Risk Assessments (CIRA), ensuring compliance with policy. Manage deficiencies and implement remediation plans for targeted control gaps.
· Risk Consulting – Act as a risk and control Subject Matter Expert (SME), providing expert advice to cybersecurity partners. Lead Internal Audits and Compliance exams, manage self-assessment processes, and participate in complex governance and regulatory projects.
· Analytical – Proactively identify and analyze security risk exposures and control gaps, assess deficiencies, and recommend solutions.
· Control Framework Execution – Ensure cybersecurity partners understand Control Framework requirements. Lead completion of all requirements, including RCSA, Scenarios, Deficiency Management, Key Risk Indicators, incident reporting, and RCIs. Act as SOX Officer/Maintenance Officer (SOMO) for Operational Process Controls (OPC) and Regulatory Compliance Management (RCM) controls. Develop reporting and summarize control testing results for executive reviews.
· Influence/Negotiation – Provide peer mentoring and indirect leadership through influencing, coaching, and negotiation with cybersecurity partners and Lines of Defence.
Qualifications
· Experience – You have experience in governance, controls, compliance, and/or operational risk management in the banking/financial services sector.
· Knowledge – You understand cybersecurity processes and frameworks, including identity management, threat detection, vulnerability management, and incident response. You have extensive knowledge of risk management, audit, and regulatory compliance principles.
· Relationship Builder – You find meaning in relationships and build trust through respect and authenticity.
· Influential – You inspire outcomes by sharing your expertise and leveraging networks.
· Analytical Thinker – You enjoy investigating complex problems and communicating insights clearly.
· Detail-Oriented – You notice what others miss and apply critical thinking to decision-making.
· Values-Driven – You live values such as trust, teamwork, and accountability.
EEO Employer
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystemsinc.com or 844-463-6178.