Job Description

Requisition ID: 175766

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
The Team
Scotiabank\xe2\x80\x99s Cloud Security Advisory Services team is responsible for providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Bank\'s Information Security as it continues to moves to the Public Cloud.
The Role
The Senior Manager, Information Security Advisor (Cloud) provides guidance to business lines to ensure design, development and implementation of complex cloud projects and initiatives are in accordance with the Bank\'s Information Security Standards and in compliance with industry regulations. The Senior Manager will manage a team of Senior Information Security Advisors assisting business functions in making informed decisions to protect information assets deployed in Public Clouds environments.
Is this role right for you?

• You have led a team of senior professionals providing security advisory services.
• You have a strong experience leading complex projects providing security advise to ensure information security risk are mitigated.
• You thrive in solutioning for multiple security domains (Risk Management, Data Protection, Cloud Security Engineering, Identity and Access Management, Cloud Security Architecture, etc.) and knowledgeable of Zero Trust Architecture principles.
• You are proficient in reviewing architecture and solution design documentation and can identify and assess potential risks.
• You excel in reviewing documents (Security Design) and creating assessment documents (Threat Risk Assessment) and evaluating risks.
• You are passionate about new technologies and enjoy the challenges of implementing security controls to protect them.
• Working on different types of projects (from large complex to simple) is a part of your DNA.
• You are passionate about leading by example, mentoring and coaching staff.
• You love to collaborate with various business lines, IT support functions and IS&C Control functions.

Do you have the skills that will enable you to succeed in this role?

• Post-secondary education in Computer Science or in a related field.
• You have at least 5 years of hands-on technical working experience in performing threat risk assessments on complex applications and network environments. Experience with Threat Risk Assessments of applications migrated into the Cloud Environments.
• You have at least 6 years experience in security solution architecture, software development, and/or hands-on experience with implementations of cloud environments, security controls and cloud-based solutions.
• You have at least 2 years of experience leading a team of security advisors, analysists, architects, or software developers as well as conducting performance reviews, and hiring new team members.
• You are a passionate leader who can foster a creative atmosphere, motivate, and coach your team members and lead by example. You have a track record of building a high-performance team.
• You have solid knowledge of cloud technologies and cloud security (GCP or Azure or AWS, Kubernetes and IAM, CI/CD pipelines, infrastructure as a code).
• Experience with GCP and Kubernetes is a strong asset.
• You have cloud security engineering or cloud solution architecture certifications from Google, Microsoft of AWS.
• You have used industry leading productivity tools to produce quantitative/qualitative reports; data flow diagrams & visual presentations.
• Certifications (CISSP, CISM, CCSP, CRISC) are nice to have.
• Familiar with industry standards and frameworks e.g. NIST 800-53, ISO 27001, ISO27002, ISO 27017, ISO27018, PCI DSS.
• You possess advanced communication (verbal/written/presentation) skills in English. Knowledge of Spanish is an asset.

Key Job Accountabilities:
Providing the following functions to Scotiabank\xe2\x80\x99s Cloud Initiatives for the regional Digital Factories:

• Effectively lead and motivate a team of Senior Security Cloud Advisors.
• Provide Advisory work and conduct Threat Risk Assessments on large high-profile cloud initiatives implemented in GCP and Azure.
• Reviewing and managing Threat Risk Assessments and Advisory work on specific applications and infrastructure associated with Scotiabank\xe2\x80\x99s Cloud Initiatives ensuring that controls are adequate, meet Bank standards, and enable business objectives.
• Provide Quality Assurance on Threat Risk Assessments and Threat Modelling as required for Cloud initiatives.
• Provide support on how to apply the Bank\'s portfolio of standards to the technology footprint of Scotiabank\xe2\x80\x99s Cloud offering.
• Provide oversight over the specific line of business security posture, ensuring that all tools available to detect and remediate security risks have been applied.
• Provide oversight over vulnerability management remediation activities for the Digital Banking and GTS Lines of Business.
• Conduct industry reviews and benchmarking exercises to ensure our controls are aligned with our peers, emerging threats, and available mitigation strategies.
• Working directly with the Digital Factory Teams and their initiatives from an Information Security perspective.
• Providing relationship management function primarily to the Enterprise Cloud team from an Information Security perspective.

Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.