Director, Cloud Security

Toronto, ON, CA, M5H1H1

Apply now Apply later

 

 

 

Requisition ID: 210242

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

 

The Director, Cloud Security will lead and oversee Cloud Security within Global Risk Management (GRM) globally ensuring business strategies, plans and initiatives are executed and delivered in compliance with governing regulations, internal policies, procedures with an understanding of industry frameworks/regulations/standards like CSA STAR, ISO, NIST, OWASP, OSFI etc in scope of cloud security.

 

Leads a second line of defense team to oversee and monitor cloud security, architecture and design with a focus on data risk management programs (i.e data protection). The role will partner closely with cross functional teams in the Bank including data risk management, security, devOps, infrastructure, network and technology teams to evolve foundational and transformational security and data risk management strategy for cloud across the enterprise.

 

Is this role right for you? In this role, you will:

  • Leads and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
  • Drives security and compliance of the Bank’s cloud environments, while also providing  strategic guidance and implementation  of a comprehensive second line of defense  over key components in cloud , including security, data protection, architecture (both technical and data) cloud.
  • Partners with key stakeholders to oversee and monitor enterprise aligned cloud strategic framework as well as assess design and provide architectural advice on how to securely develop and build applications and supporting infrastructure. 
  • Develop programs to enable the identification of cloud cyber security and IT risks, by providing compliance and oversight in the form of frameworks, policies, tools, and techniques to support risk and compliance management.
  • Challenge the creation of secure reference architectures, frameworks, policies and patterns for the security aspects of the SDLC including application, mobile, infrastructure, DevOps, cloud, and CI/CD pipelines.  Challenge scalable Cloud Security architectural patterns and templates that supports enhancing Cloud Security posture through tooling, automation, and other means.
  • Governance of cloud security practices at Scotiabank to enable cloud acceleration in a secure manner. Assess security controls, requirements, architecture and tooling to manage the security posture and secure workloads to support Bank’s cloud migration.
  • Support a continuous evolving holistic cloud security strategy covering the various cloud deployment models – SaaS, PaaS and IaaS.
  • Monitor and report on the effectiveness of security controls and make recommendations for improvement.
  • Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
  • Builds a high performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and, managing succession and development planning for the team.

 

Do you have the skills that will enable you to succeed in this role?  We’d love to work with you if you have experience with:

  • University degree, preferably in Computer Engineering, Computer Science or related field, and a minimum of 10 years’ experience in increasingly senior Information Security roles in a complex, global organization.
  • 3+ years of experience developing, implementing and maintaining security solutions in public cloud like GCP, Azure or AWS. Extensive understanding of cloud infrastructure and services.
  • Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)
  • Financial services and, specifically, banking experience is mandatory.
  • Experienced in driving cross functional senior executive steering committees with a global presence.
  • Experienced in develop and manage multi-million business cases for strategic initiatives.
  • Expertise in product/application security architecture, application security, cloud SaaS/PaaS/IaaS solutions.
  • Understanding of application and product architectures, programming languages, web application stacks, and SDLC pipelines.
  • Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to technology and business teams to technical and non-technical stakeholders.
  • Ability to lead technical teams in a highly complex and matrixed organization. Ability to lead through influence, excellence and example is essential to success.
  • Strong leadership and collaboration skills. Excellent oral and written communication, ability to present confidently to senior executives, attention to detail and strong planning and management ability.
  • Deep and broad knowledge of enterprise, cloud, and security technologies is expected. Specific strong knowledge and experience with common hosting, storage, and networking technologies is required. Experience with Workload Protection and Posture Management products an asset.
  • Experience with and knowledge of formal project management methodologies is desired.
  • English fluency required and Spanish preferred.

 

What's in it for you?

  • The opportunity to join a forward-thinking and collaborative team, surrounded by innovative thinkers
  • A rewarding career path with diverse opportunities for professional development
  • Internal training to support your growth and enhance your skills
  • An inclusive working environment that encourages creativity, curiosity, and celebrates success!
  • Work in an Ecosystem; a bright, modern space where you’ll have access to group seating, offices, collaboration spaces, a cafeteria with different options daily, a bistro, and more
  • Hybrid Work Environment

 

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0

Tags: Application security Automation AWS Azure Banking CI/CD Cloud Compliance Computer Science DevOps GCP Governance IaaS NIST OWASP PaaS Risk management SaaS SDLC Security strategy Strategy

Perks/benefits: Career development

Region: North America
Country: Canada

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.