Job Description

Requisition ID: 169697

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
This role leads and oversees the overall success of first line Technology as well as IT Risk and Resiliency ensuring specific individual goals, plans, initiatives are executed / delivered in support of IT&S and the businesses strategies and objectives. Is responsible to build robust IT Risk related controls and processes and ensure they are maintained and adhered to in the assigned IT portfolio. Directly support the relevant SVP/CIO and VPs of IT Risk to collaboratively assess, evaluate and quantify IT risk, design controls and assist in their implementation within the business line. Act in the line of defense as IT Risk Management (1B) to ensure implementation of initiatives in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

Accountabilities

• Champion a customer focused culture to deepen relationships with Sr. leadership, peers, and functional groups by leveraging IT and/or risk expertise.

• 
  Provide the 1st Line of Defense (1B) function in technology with ongoing guidance to support the implementation of, and compliance to, established IT Standard, Policies, Procedures, regulatory and cyber requirements through active engagement, guidance and counselling.

• 
  Provide direction to 1st Line of Defense (1A) teams, Risk owners, to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.

• 
  Act as a primary interface and conduit between the 1A risk owners and other risk groups or advisors in various business areas (Internal Controls, Audit, Cyber Security, Privacy) to spearhead the facilitation and execution of risk management activities.

• 
  Manage IT Risk identification, assessment, prioritization for relevant business areas. Ensures observations, issues and outputs are tracked and actioned. Support IT risk control testing and monitoring and help Risk Owners with remediation plans.

• 
  Partner with and face other risk groups to assess, implement and communicate new/updated risk controls, frameworks, policies, risk indicators, metrics and limits.

• 
  Oversee analyses of systems or asset data and deliver monthly / quarterly reporting for senior management, Internal Controls, Operational Risk or 1A stakeholders.

• 
  Develop reports or presentations to deliver updates on KPIs and KRIs. Develop or manage programs to establish KRI performance within the bank\xe2\x80\x99s risk tolerance. Prioritize risk activities, ensure timely remediation and escalate when necessary.

• 
  Co-ordinate SOX control testing. Facilitate evidence collection and escalate conflicts or roadblocks to relevant SME to ensure control testing is completed as per schedule. Prepare quarterly SOX attestations.

• 
  Evangelize for IT Risk and promote a strong risk culture in partnership with the risk owners.

• 
  Actively pursue effective and efficient operations of his/her respective areas, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook and the Guidelines for Business Conduct.

• 
  Champion a high-performance environment and implement a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment, communicating vison/values/business strategy and managing succession and development planning for the team.

• 
  Understand how the Bank\xe2\x80\x99s risk appetite and risk culture should be considered in day-to-day activities and decisions.

• 
  Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank\xe2\x80\x99s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.

• Builds a high performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and, managing succession and development planning for the team.

Education / Experience

• 
  Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 7+ years.

• 
  Candidates require strong leadership, communication (both verbal and written) and judicious influencing capability, supported by well-developed logical and judicious thinking competencies. Proficient written and verbal communication required at all levels of the organization is essential.

• 
  Requires expert IT Risk management experience in 5+ areas including but not limited to; systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.

• 
  Knowledge of global banking businesses including related systems, procedures, regulations expected. Additional merit awarded for experience in relevant portfolio business line.

• 
  Ability to balance contesting or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation project management, governance and influencing skills.

• 
  Strong PPT presentation design and delivery expected as part of the leadership team. Data Analytics and Visual dashboarding would be desirable.

• 
  Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST).

• 
  Advanced degree in Computer Science, Engineering, Business Commerce or equivalent experience. Additional relevant Certifications would be an asset - ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.

Working Conditions

• Work in a standard office-based environment; non-standard hours are a common occurrence. Your portfolio may dictate working hours aligned to other geographies and time zones
• Travel to International locations may be required 10-15 days per annum.

#LI-Hybrid #scotiatechnology
Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.