Senior Audit Manager, IT & Cyber Security Audit
Toronto, ON, CA, M5H1H1
Scotiabank
Requisition ID: 231937
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
As the 3rd Line of Defence, Internal Audit provides enterprise-wide, independent, and objective assurance over the design and operations of the Bank’s internal controls, risk management and governance processes. We are professionals who thrive in a challenging environment and work with management to find solutions to address control weaknesses.
The Senior Audit Manager is responsible for leading and conducting IT and Cyber Security risk-based audit assessments of medium to high complexity, following the Bank's Audit Methodology. This is in support of the Audit Department in executing on its global mandate, ensuring business strategies, plans and initiatives and all audit activities are conducted in compliance with governing regulations, internal policies, and procedures. The Senior Audit Manager is a dynamic, innovative, and trusted advisor who uses data to deliver industry leading assurance and insights to keep the Bank and our customers safe.
As a Senior Audit Manager, you will support the Director, IT & Cyber Security Audit, by planning and executing risk-based technical audits, across Cyber Security, Technology Infrastructure, Applications, Cloud and Digital Banking, to provide opinions on the effectiveness of controls to meet business objectives. In addition, the subject matter expert is expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), project management, automation and orchestration, data protection and outsourced IT services.
Key Accountabilities
Execution:
- Acts primarily as Officer in Charge (OIC) for assigned audits. May act as Audit Principal (AP) for low to medium complexity audits.
- Works with other audit teams as required.
- Carries out specific IT and Cyber Security projects.
- As OIC/AP, oversees the execution, planning, and reporting. Obtains a thorough understanding of the end-to-end business/unit/process and associated risks, develops an appropriate risk-based audit approach and schedules timing and resources.
- Ensures audit results are gathered and determines the root cause of the problem. Prepares and/or reviews audit results and findings for presentation to management. Follows up for corrective action/progress against any reported issues. Ensures relevant information that impacts other audit function areas is shared.
- Supports a client focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
- Understands how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Plans, documents, and seeks agreement in advance to the project approach and confirms conclusions upon completion in writing.
- Ensures Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.
- Builds and maintains strong relationships with internal and external stakeholders and regulators as required.
- Interacts and coordinates with other groups involved. Completes timely review of workpapers, ensuring internal control weaknesses are clearly documented with recommendations addressing the root cause and are communicated timely to management.
Leadership:
- Supports ongoing monitoring activities to stay abreast of changes (business/industry/regulatory), emerging risks, and themes or systemic issues that may impact the risk assessment of the audit universe and the audit plan.
- Supports a high-performance environment and implements a people strategy that attracts, retains, develops, and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vision/values/business strategy; and managing succession and development planning for the team.
- Meets Department training requirements.
- Maintain information security competency through ongoing professional development and staying abreast of emerging technologies, risks and controls in information and cyber security.
- Provide direction, guidance and expert advice to audit teams globally to allow definition of effective assessments on information and cyber security risk management.
- When required, prepare and deliver effective presentations on various audit and information security related matters to Audit senior management and relevant stakeholders across the Bank as a means to demonstrate expertise.
- Identify and advise Audit teams on the use of data analytics and other advanced techniques and tools in order to improve efficiency and effectiveness of audit assessments.
- Establish and maintain solid relationships with audit clients to serve as a catalyst of positive change and improvement of information and cyber security risk management.
Functional Competencies
- At least 5 years of information technology and cyber security experience.
- Highly developed interpersonal and communication skills (verbal and written).
- Ability to work independently and as part of a team of professionals.
- Curiosity mindset.
- Working knowledge of the operations and regulatory environments for each unit as applicable.
- Knowledgeable in cyber security process areas such as web application security, secure network security architecture, penetration testing, Red Team testing, vulnerability assessments, encryption, data loss prevention, coding assessment, cloud security, DDoS protection, and malware protection.
- Experience in the assessment of threats and risks over IT processes and assets.
- Excellent analytical skills and proficiency with Microsoft Word, Excel, and PowerPoint.
- Proven ability to work in high levels of ambiguity and in a rapidly changing environment.
- Knowledge and experience with security assessment tools (exploit tools, vulnerability assessment) and Security Operations Centre software (IDS, IPS, SIEM, etc.).
Education
- Bachelor’s degree in Information Technology, Computer Science or equivalent required.
- One or more of the following certifications: CISA, CISM, CISSP, CCSP, GCIA, CEH is required.
- Cloud engineering or architecture designation would be an asset.
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.