Senior Director, Risk Advisory – Technology (Global Security)

What is the opportunity?

The Senior Director, Risk Advisory –you will lead the development and execution of a comprehensive enterprise-wide technology risk advisory function that partners closely with the Chief Information Security Officer, control testing teams, issues management functions, and compliance. You will serve as RBC’s primary technical subject matter expert and advisor on emerging and complex technology risks—ensuring the organization maintains a robust control environment and meets regulatory expectations across all geographies and time zones.

In this role, you will champion risk management as a strategic enabler of business success, moving beyond traditional control functions. You will bridge technology risks, business objectives, and enterprise risk appetite to develop forward-looking strategies that anticipate emerging threats in AI, systems resilience, and data protection. By doing so, you will directly support RBC’s commitment to operational excellence, effective risk governance, and the continuous strengthening of global security.

What will you do?

• Risk Assessment Execution & Methodology: Conduct targeted, data-driven risk assessments across critical technology domains (AI/ML, systems architecture, data protection, cybersecurity, and third-party dependencies). Develop specialized methodologies for AI, architecture, and data protection risks, aligned with enterprise risk appetite and governance frameworks.

• Strategic Risk Management & Governance: Define assessment triggers, prioritization criteria, and roadmaps, while establishing a multi-year global technology risk strategy that balances mitigation with business objectives. Implement governance frameworks to ensure consistent, repeatable risk evaluation across the enterprise

• Strategic Partnership & Global Risk Coordination: Serve as a key strategic partner to regional IT risk leads across APAC, EU, and US, providing technical expertise and guidance on complex technology risk matters. Collaborate to coordinate global risk assessment initiatives while respecting regional regulatory requirements and risk management practic

• Threat Landscape Analysis & Incident Assessment: Lead external incident and threat analysis to identify emerging risks and attack patterns relevant to financial services. Conduct deep-dive reviews of external incidents ( AI system failures, data breaches, and architecture vulnerabilities) to evaluate their applicability and potential impact on RBC’s environment, technology, and AI/data ecosystems.

• Actionable Intelligence & Risk Mitigation: Produce threat intelligence and incident briefings for stakeholders, and coordinate response reviews and lessons-learned exercises to drive control improvements and risk mitigation strategies

• Executive Reporting & Regulatory Engagement: Develop executive-grade reporting packages for senior management and regulators, presenting global technology risk posture, trends, and mitigation progress. Lead the production of quarterly/annual risk management reports and regulatory submissions.

• Risk Prioritization & Monitoring: Drive data-driven prioritization of risk mitigation initiatives based on risk appetite and business priorities. Establish key risk indicators (KRIs) and performance metrics to enable proactive monitoring and early identification of emerging issues.

• Strategic Control Environment Enhancement: Identify opportunities to strengthen RBC’s global technology control environment, with a focus on AI governance, systems architecture resilience, and data protection frameworks. Design and advocate for control improvements aligned with business transformation, regulatory expectations, and industry best practices, while developing implementation guidelines that balance effectiveness, efficiency, and feasibility across the enterprise.

• Compliance & Regulatory Alignment: Collaborate with compliance functions to ensure technology risk assessments align with regulatory requirements, supporting governance, control documentation, and reporting. Coordinate on interpreting and implementing regulatory guidance for technology, cyber risk, AI governance, and data protection, while integrating compliance considerations into risk prioritization and control design decisions.

• Technical Risk Advisory Support: Offer expert guidance to issue owners throughout the remediation process, leveraging specialized knowledge in AI, systems architecture, and data protection to address technical risks effectively

What do you need to succeed?

Must have:

• Minimum 12+ years of progressive experience in technology risk management, IT governance, or risk advisory roles within large, regulated financial services organizations

• Demonstrated success leading or significantly influencing senior-level technology and risk management initiatives

• Deep understanding of financial services risk governance frameworks, regulatory expectations (including OSFI, NIST, and equivalent frameworks), and operational risk management

• Experience working in global organizations with multi-regional operating models, with demonstrated ability to work effectively across multiple geographies and time zones

• AI & Machine Learning Risk: Substantial hands-on experience with AI/ML systems, including understanding of model development, deployment, governance, bias detection, explainability challenges, and control frameworks specific to AI systems in financial services

• Systems Architecture Risk: Deep technical knowledge of enterprise systems architecture, cloud infrastructure, distributed systems, scalability, resilience, disaster recovery, and architectural design patterns as they relate to risk management

• Data Protection & Privacy: Comprehensive expertise in data governance, privacy frameworks (PIPEDA, GDPR equivalent), data classification, encryption, access controls, data retention policies, and privacy-by-design principles

• Broad technical knowledge across multiple additional technology domains including cybersecurity, software development, third-party risk management, and emerging technologies

• Strong understanding of IT risk frameworks, control design principles, and risk assessment methodologies

• Familiarity with enterprise risk management practices, risk appetite frameworks, and the Three Lines of Defense model

• Analytical & Strategic Capabilities- Experience developing and executing multi-year strategic plans and managing large-scale initiatives

• Leadership & Influence: Proven ability to serve as a trusted technical advisor to senior leaders on complex technology and risk matters. Strong negotiation and stakeholder management skills, with the ability to balance organizational priorities and risk considerations

• Excellent communication skills, with the ability to translate technical concepts into clear, actionable business insights for diverse audiences

• Ability to work effectively in ambiguity, prioritize competing demands, and drive collaboration in a matrixed organization
   

Nice to have:

• Industry certifications such as CISSP, CISM, CISA, or CRISC

• Certifications or demonstrated expertise in AI governance, responsible AI frameworks, or AI risk management

• Certifications or demonstrated expertise in systems architecture governance or enterprise architecture frameworks (TOGAF, ArchiMate)

• Certifications or demonstrated expertise in data protection frameworks (DPIA, data governance, privacy engineering)

• Background in conducting external incident analysis, threat intelligence, or cybersecurity advisory

• Experience designing and implementing risk data platforms or centralizing risk reporting functions
   

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference in our communities, and achieving mutual success

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable

• Leaders who support your development through coaching and managing opportunities

• Ability to make a difference and lasting impact

• Work in a dynamic, collaborative, progressive, and high-performing team

• Opportunities to do challenging work and take on progressively greater accountabilities
   

#LI-POST
#TECHPJ

Job Skills

Business Continuity and Disaster Recovery (BCDR), Cyber Security Management, Firewall Management, Information Security Auditing, Information Security Operation Center (ISOC), IT Network Security, Operational Delivery, Problem Management, Process Management, Threat Management

Additional Job Details

16 YORK ST:TORONTOTorontoCanada37.5Full timeTECHNOLOGY AND OPERATIONSRegularSalaried2026-03-182026-04-01

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Our Employment Opportunities

At RBC, we are guided by living shared values of Client First, Integrity, Collaboration, Respect and Excellence and winning together as One RBC. We believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.

RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail.