What is the opportunity?

As the Director Global IT Risk – APAC, you will be responsible for providing leadership on Cyber and IT Risk for the APAC region – this focuses on enabling enterprise Cyber and IT Risk to execute consistently in the APAC region.

What will you do?

• Develop and own the regional IT and Cyber Risk strategy. Manage and measure how IT Risk capabilities and services are delivered, driving enterprise consistency and ensuring regional needs are achieved and Executives receive input and support required to be well informed on IT Risk and Cyber.
• Develop and implement IT Asset Identification and Risk metrics for the region and its subsidiaries, ensuring the model approach to achieve is enabled and operated by the enterprise team using standard, approved logic and data sets.
• Drive input into the regional Technology Risk Committee and where approved by the MD IT Risk, define additional MI reporting , create, manage and present to other committees and forums, as requested by regional senior leadership.
• Build a strong understanding of core products, services and threats associated for the region working in partnership with the regional CISO team. Ensuring a clear understanding of how IT Risk and Cyber would function in different risk scenarios based on the regional hosting model (locally hosted, vs global dependencies)
• Act as a security advisor/ambassador across business platforms in region, identifying IT Risk issues and partnering with functional heads in technology, group risk management, compliance and privacy to define and implement solutions.
• Interact daily across all businesses on the full range of IT Risk matters, providing guidance and support where necessary (or engaging broader GS services for support)
• Escalate, manage and report control issues succinctly with clarity and transparency.
• Engage with regulators and audit teams on regional assessments ensuring high caliber capability is provided driving confident engagement, and high quality, accurate outputs.
• Operate as the focal leader for IT Risk, but where necessary other security services – build strong relationships across a complex geographic scope and time zone differences.
• Operate as the focal leader partnering with the regional SOC when Canada is offline, and the UK is online and APAC incidents or material events have occurred.
• Provide training and awareness, as directed by the enterprise awareness team on IT Risk matters.

What do you need to succeed?

Must-have

• University degree, or equivalent combination of education and cyber security experience.
• 10+ years of proven cyber security experience (ideally at a consulting or ‘broad and shallow’ not deep SME level).
• 3+ years’ experience in IT Risk management role (ideally 1 or 2 LoD), risk and reg impact analysis, and metrics.
• 5-10 years in financial services or other regulated industries, with a strong understanding of regional IT, cyber regulations and first-hand experience of regulatory examinations.
• Demonstrated ability to build sustainable, effective relationships / partnerships, with the ability to influence action by other teams across a matrix organization and different time zones.
• Strong team leadership and people skills.
• Able to build and drive IT strategies in region, ensuring these are consistent with the Enterprise.
• Performance driven negotiator and influencer.
• Strong collaborative mindset.
• Willingness to take cross-platform approach.
• Self-starter – able to work with minimal direction.

Nice-to-have

• IT Risk experience over certifications.

What’s in it for you?

We thrive on the challenge to be our best - progressive thinking to keep growing and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses, flexible benefits and competitive compensation
• Leaders who support your development through coaching and managing opportunities
• Opportunities to work with the best in the field
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• A world-class training program in financial services.

RBC is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants for employment without regard to race, colour, religion, sexual orientation, gender identity, age, disability or any other legally-protected factors.

Agency Notice

RBC Group does not accept agency resumés. Please do not forward resumés to our employees, nor any other company location. RBC Group only pay fees to agencies where they have entered into a prior agreement to do so and in any event do not pay fees related to unsolicited resumés. Please contact the Recruitment function for additional details.

Job Skills

Critical Thinking, Cyber Risks, Cybersecurity, Cyber Security Management, Decision Making, Detail-Oriented, Information Security Management, Information Technology Security, Interpersonal Relationship Management, IT Security Architecture, Performance Management (PM), Technology Risk

Additional Job Details

25 MARTIN PLACE:SYDNEYSydneyAustralia38Full timeRegularSalaried2025-09-182025-10-18

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.