Senior Manager, Cyber Security And It Risk

Requisition ID: 176711

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

Contribute to the overall successful development and execution of a second line of defense program for Cyber Security and IT risk, performs assessments of risk management practices carried out by the first lines of defense, carries out quantitative analysis of threat and vulnerability scenarios which may impact global IT systems operation as well as business processes supporting the Bank’s multiple delivery channels, ensuring all operates within the Bank’s risk appetite levels for Cyber Security and IT services.

Contributes to the development, execution and ultimately the overall success of a second line of defence function within the Global Cyber Security and IT Risk Management Program.

Delivers challenge and independent assessment and oversight of risk management practices carried out by the first line of defence.

Ensure that the Bank’s processes and controls relating to Cyber Security and IT Risks are sufficient to comply with regulatory requirements, internal policies and standards.

Key Accountabilities

Delivers objective evaluation and oversight of risk management practices carried out by the first line of defence to ensure that the Bank’s processes and controls relating to Cyber Security and IT Risks are sufficient to maintain the consistent operation of systems, the continuous availability and integrity of data and the confidentiality of sensitive information. The Bank’s global IT operation consists of over 2000 applications and more than 250,000 technology components across various global sites which are security monitored through the Bank’s centralized Security Operations Centre.

Guides IT, Security and other control functions on Cyber Security and IT Risk management processes, systems and procedures; reviews and provides advice relating to policies frameworks, standards and control objectives; and ultimately builds and sustains a risk aware culture.

Collaborates with internal and external partners to ensure information sharing and support complementary and contrasting risk oversight initiatives as appropriate

Key Traits

Influencing Ability

• Results Orientation
• Communication
• Coaching and Mentoring
• Behavioural Change Management
• Conflict Resolution and Negotiation

Risk Skills

• Decision Making and Judgement
• Data Aggregation and Analysis
• Puzzle Solvers
• Cyber, Technological and Architectural/Strategic Risk Knowledge

Business Acumen

• Regulatory Awareness
• Innovation and Continuous Improvement
• Strategic Awareness
• Commercial and Financial Awareness
• Industry Knowledge

Dimensions

Cyber risk is a key priority for Scotiabank, and Scotiabank is committed to dealing with cyber risk issues efficiently and effectively. Based in Toronto with a significant amount of work performed remotely with other countries, majority of the work is performed via voice and video calls. The possibility of travel to global sites may be required although infrequent, will require the ability to travel without restrictions as necessary

• Able to assess Architecture and Design artifacts such as an architecture reference document and technical requirements design document for each of the individual components, diagrams, and technical presentations.
• Demonstrated experience operating in day-to-day aspects of a dynamic team environment. Ability to work autonomously with accountability for work deliverables. Comfortable working with ambiguous and/or differing data points to create opinions. The ability to work well under pressure while maintaining a professional image.
• Able to search and monitor technology developments and industry trends, assess their applicability, functionality and reliability for the Bank, and recommend technologies that will enhance the Bank’s cyber security and technology posture, productivity and the achievement of the business requirements and objectives
• Must possess strong communication (oral and written), listening, presentation & facilitation skills.
• Learning agility as evidenced by a commitment to continued self-development of business and technical knowledge.
• Able to convert technical information into operational risks and to communicate complex topics both orally and in written form. Must be detail-oriented and able to interact with other staff and clients, in person or by phone.
• Critical thinking, thought leadership, problem solving and creativity. Commitment to continued self-development of technical and non-technical knowledge

Education / Experience

• 3+ years of architecture, design and hands-on implementation experience.
• Master’s degree or higher in science, technology, engineering, or mathematics is an asset
• 5+ years of experience with IT Operations, Information/Cyber security risk experience. Subject matter expertise is an asset.
• 5+ years experience in consulting and advisory roles. Experience in the Security and Information Technology Industry.
• Bilingual in Spanish with superior oral and written skills is an asset.
• Solid understanding of key information security frameworks and regulations (including SoX, FISMA, NIST, PCI). Experience using COBIT, ITIL and other IT Operation specific industry frameworks. Experience using of GRC risk management tools. Professional certifications and membership of associations such as CRISC, CISA, CISSP, CISM, etc. are an asset.
• Excellent interpersonal, leadership and relationship-building skills to deal with senior levels of management, local and remote business partners and regional risk teams.
• Demonstrated ability to analyze complex data to arrive at succinct messages and conclusions.

Location(s): Canada : Ontario : Toronto