Job Description

Requisition ID: 158284

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
The Team
Scotiabank’s Information Security & Control (IS&C)’s Application Security team is reponsable to improve security practices and, through that, to find and preferably prevent security issues within applications.
The Application Security team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.
Where will you work? This is a hybrid position.
The role: The incumbent is responsible for supporting the Senior Manager, Director, VP, SVP and CISO in achieving IS&C Strategic goals through various processes, including:

• 
  Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.
• Develop and/or enhance communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
• Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives

Is this role right for you?

• 
  Recommend, design, assess, implement, deploy and maintain application security controls required to protect Scotiabank and its customers.
• Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
• Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
• Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner

Do you have the skills that will enable you to succeed in this role?

• 
  A minimum of 2 years’ experience as a leader with more than 5 direct reports.
• A minimum of 3 years’ experience of multi-tier Web Applications, web services, and related vulnerabilities and potentials threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
• A minimum of 3 years’ experience of the HTTP protocol, System Development Lifecycle (SDLC) and Web Programing for multi-tier web applications and web services.
• A minimum of 3 years’ experience of JavaScript, SQL, HTML, XML, ASP.net, VB.net, Java, PHP, XML, Python, PowerShell and Ruby.
• Experience performing source code and/or application security assessments, including risk assessments, and penetration testing. The ability to demonstrate exploitation of vulnerabilities is essential, as would experience with vulnerability testing and scanning tools such as BURP Suite, HP WebInspect, AppScan, SQLMap, ZAP, and Fortify.
• Must have an understanding of gateway technologies and network devices such as Load Balancers, Proxies, IPS, WAF.
• Must have the ability to generate reports and tailor his/her communication strategy for various levels of technical staff, executive management, and business clients.

Education Experiences:

• 
  CISSP and/or CISA designation beneficial but not required.
• CEH, OSCP, OSWE
• University degree or college deploma , and a minimum of four (4) years equivalent security industry-related experience required

What's in it for you?

• 
  We have an inclusive and collaborative working environment that encourages creativity, curiosity, and celebrates success!
• We provide you with the tools and technology needed to create beautiful customer experiences
• You'll get to work with and learn from diverse industry leaders, who have hailed from top technology companies around the world
• We offer a competitive total rewards package that includes a base salary, a performance bonus, company matching programs (on pension & profit sharing), generous vacation, personal & sick days, personal development funding, maternity leave top-up, parental leave and much more.

#LI-Hybrid
Location(s): Canada : Ontario : Scarborough

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.