Job Description

Requisition ID: 176711

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose:

Contribute to the overall successful development and execution of a second line of defense program for Cyber Security and IT risk, performs assessments of risk management practices carried out by the first lines of defense, carries out quantitative analysis of threat and vulnerability scenarios which may impact global IT systems operation as well as business processes supporting the Bank\'s multiple delivery channels, ensuring all operates within the Bank\'s risk appetite levels for Cyber Security and IT services.

Contributes to the development, execution and ultimately the overall success of a second line of defence function within the Global Cyber Security and IT Risk Management Program.

Delivers challenge and independent assessment and oversight of risk management practices carried out by the first line of defence.

Ensure that the Bank\'s processes and controls relating to Cyber Security and IT Risks are sufficient to comply with regulatory requirements, internal policies and standards.

Key Accountabilities:

Delivers objective evaluation and oversight of risk management practices carried out by the first line of defence to ensure that the Bank\'s processes and controls relating to Cyber Security and IT Risks are sufficient to maintain the consistent operation of systems, the continuous availability and integrity of data and the confidentiality of sensitive information. The Bank\'s global IT operation consists of over 2000 applications and more than 250,000 technology components across various global sites which are security monitored through the Bank\'s centralized Security Operations Centre.

Guides IT, Security and other control functions on Cyber Security and IT Risk management processes, systems and procedures; reviews and provides advice relating to policies frameworks, standards and control objectives; and ultimately builds and sustains a risk aware culture.

Collaborates with internal and external partners to ensure information sharing and support complementary and contrasting risk oversight initiatives as appropriate

Key Traits

Influencing Ability

• Coaching and Mentoring
• Conflict Resolution and Negotiation
• Behavioural Change Management
• Communication
• Results Orientation

Risk Skills

• Cyber, Technological and Architectural/Strategic Risk Knowledge
• Data Aggregation and Analysis
• Decision Making and Judgement
• Puzzle Solvers

Business Acumen

• Industry Knowledge
• Strategic Awareness
• Commercial and Financial Awareness
• Regulatory Awareness
• Innovation and Continuous Improvement

Dimensions:

Cyber risk is a key priority for Scotiabank, and Scotiabank is committed to dealing with cyber risk issues efficiently and effectively. Based in Toronto with a significant amount of work performed remotely with other countries, majority of the work is performed via voice and video calls. The possibility of travel to global sites may be required although infrequent, will require the ability to travel without restrictions as necessary

• Demonstrated experience operating in day-to-day aspects of a dynamic team environment. Ability to work autonomously with accountability for work deliverables. Comfortable working with ambiguous and/or differing data points to create opinions. The ability to work well under pressure while maintaining a professional image.
• Able to convert technical information into operational risks and to communicate complex topics both orally and in written form. Must be detail-oriented and able to interact with other staff and clients, in person or by phone.
• Able to assess Architecture and Design artifacts such as an architecture reference document and technical requirements design document for each of the individual components, diagrams, and technical presentations.
• Able to search and monitor technology developments and industry trends, assess their applicability, functionality and reliability for the Bank, and recommend technologies that will enhance the Bank\'s cyber security and technology posture, productivity and the achievement of the business requirements and objectives
• Critical thinking, thought leadership, problem solving and creativity. Commitment to continued self-development of technical and non-technical knowledge
• Must possess strong communication (oral and written), listening, presentation & facilitation skills.
• Learning agility as evidenced by a commitment to continued self-development of business and technical knowledge.

Education / Experience:

• 3+ years of architecture, design and hands-on implementation experience.
• 5+ years experience in consulting and advisory roles. Experience in the Security and Information Technology Industry.
• 5+ years of experience with IT Operations, Information/Cyber security risk experience. Subject matter expertise is an asset.
• Demonstrated ability to analyze complex data to arrive at succinct messages and conclusions.
• Excellent interpersonal, leadership and relationship-building skills to deal with senior levels of management, local and remote business partners and regional risk teams.
• Solid understanding of key information security frameworks and regulations (including SoX, FISMA, NIST, PCI). Experience using COBIT, ITIL and other IT Operation specific industry frameworks. Experience using of GRC risk management tools. Professional certifications and membership of associations such as CRISC, CISA, CISSP, CISM, etc. are an asset.
• Bilingual in Spanish with superior oral and written skills is an asset.
• Master\'s degree or higher in science, technology, engineering, or mathematics is an asset

Location(s): Canada : Ontario : Toronto || Canada : Ontario : Ottawa

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please . Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Scotiabank