Cyber Third-Party Risk Specialist
Take a central role
The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.
Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.
With our defined-benefit pension plan, benefits, and high flexibility for work-life balance, find out more about why we are annually ranked as one of Canada's top employers: Working Here - Bank of Canada
Find out more about the next steps in our Recruitment process.
In addition to the position being staffed, this competition may be used to fill similar opportunities (Regular or Term) that become available at the same job grade. If you’re interested in this type of role, we encourage you to apply.
About this opportunity
Help build the next generation of cyber resilience at the Bank. Join the Bank’s Cyber Security team to work on high-priority technical initiatives that strengthen how we detect, respond to, and recover from cyber threats in a rapidly evolving environment.
Join the Cyber Security Assurance team within the Information and Technology Services (ITS) department, where you will play a key role in strengthening the Bank’s cyber resilience by advancing how third-party risks are assessed and managed. You will contribute to the evolution of assessment methodologies that address increasingly complex supplier, cloud, AI and emerging technology risks.
What you will do
Working closely with cross-functional partners, including procurement, business owners, legal, privacy, cyber security and technology teams, you will support secure supplier onboarding, ongoing monitoring, and the management of supply-chain risk. Your work will directly influence how the Bank identifies, assesses, and mitigates cyber risks across its third-party ecosystem.
More specifically, you will:
- Modernize vendor assessment and develop risk hypothesis methodologies to better address evolving risks from emerging technologies, including AI, software supply chains, and fourth-party ecosystems.
- Define assessment requirements and assurance techniques for supplier security controls.
- Analyze trends in supplier assessment findings to identify systemic risks and recommend control improvements.
- Research and evaluate new assurance methods, control evidence models, and industry practices.
- Provide guidance for assessing cloud, SaaS, AI, managed service, and critical supplier relationships.
- Analyze security attestations, certifications, control evidence, and technical documentation to evaluate supplier security posture.
- Support cyber incident investigations involving suppliers by delivering risk analysis and assessment expertise.
- Contribute to the continuous improvement of third-party risk management processes, tools, and assessment capabilities.
What you need to succeed
Demonstrated excellent communication skills, both written and verbal, with the ability to effectively manage stakeholders and handle escalations. Brings a process-driven, proactive approach as a self-starter and innovative problem solver, while contributing positively to a collaborative team environment. Remains current on emerging cyber security technologies (e.g., Quantum, GenAI) and the evolving threat landscape to support informed and adaptive decision-making.
More specifically, from a technical perspective:
- Understanding of third-party and security risk frameworks, such as NIST
- Experience reviewing or interpreting security attestations and certifications (SOC 2, ISO 27001, CSA STAR, PCI-DSS).
- Knowledge of Canadian data residency and data sovereignty requirements.
- Working knowledge of common threat models and security risks (MITRE ATT&CK, OWASP Top 10).
- Ability to analyze complex information, define problems, and provide clear, logical recommendations.
Nice-to-have
- Experience as a third-party assessor, internal/external auditor, or consultant supporting public sector organizations or Crown corporations.
- Relevant certifications such as CISSP, Security+, CCSA, CISA, GCCC, or GCED.
Education and experience
This position requires a university degree or college diploma in computer science, systems engineering, cybersecurity, or a related discipline, and a minimum of 6 years of recent and relevant experience.
Experience should demonstrate your ability to assess technical and non-technical risks, interpret security controls, work with cross-functional stakeholders, and provide clear guidance on complex security issues.
An equivalent combination of education and professional experience may also be considered.
Innovative Mindset
We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things.
Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.
What you need to know
- Priority will be given to Canadian citizens and permanent residents
- Security level required: Be eligible to obtain Secret
- There will be no relocation assistance provided
- Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
- The official title for this position is “Senior IT Security Assessment Specialist”
Hybrid Work Model
The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.
What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider.
- Salaries are based on qualifications and experience and typically range from $111,051 to $130,649 (job grade 17)
- The Bank offers an incentive for successfully meeting expectations at 7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
- Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
- Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
- Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service
We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.